Bug Bounty

A bug bounty is currently open for Mars Hub and peripheral contracts. If you uncover a bug on Mars Hub testnet, report it via Immunefi.com to potentially earn a bounty worth as much as $100,000. Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.2. This is a simplified 5-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs. As shown in the table below, the scale focuses on the impact of a given vulnerability.

All bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. Explanations and statements are not accepted as a PoC and code is required.

Rewards for critical blockchain/DLT vulnerabilities are further capped at 10% of the economic damage potentially caused. However, there is a minimum reward of $20,000 and a maximum reward of $100,000. Please visit the Mars Bug Bounty page on Immunefi for complete details.