Avely Finance has launched a bug bounty programme ahead of the mainnet launch of its liquid staking protocol for the Zilliqa network.
The platform offers a liquid staking protocol built on Zilliqa that allows users to earn rewards from staking ZIL tokens without locking their funds.
When users delegate or transfer staked ZIL to the Avely Finance smart contract, they receive stZIL tokens in return, which can be transferred in the same way as standard ZIL tokens and used in applications such as DeFi protocols.
This testnet bug bounty programme is designed to strengthen the security of Avely Finance’s liquid staking smart contracts before the launch of its protocol on the Zilliqa mainnet, inviting Scilla developers to comb through the smart contract code and be rewarded for disclosing any vulnerabilities they discover.
The total reward pool for the bug bounty programme is $20,000, which is allocated as follows according to the category of any vulnerabilities discovered:
- Critical: These types of vulnerability allow attackers to steal user funds. Rewards range from $2,000 to $12,000 depending on complexity.
- High-risk: These types of vulnerability disrupt the functionality of a given smart contract in a way that directly impacts users. Rewards range from $1,000 to $5,000.
- Medium-risk: These types of vulnerability include issues with calculations. Rewards range from $400 to $2,500.
- Low-risk: These types of issues relate to suboptimal script performance. Rewards range from $100 to $400.
Avely Finance will evaluate each submission to the bug bounty programme and reward participants according to the severity of the reported vulnerabilities.
A number of further conditions apply to the programme, and vulnerabilities must fulfil a number of requirements for reporters to be eligible for a reward. Low-risk vulnerabilities may also be excluded depending on the viability of adapting smart contracts for minor efficiency improvements.
Read more about the details on the conditions of the bug bounty programme on the Avely Finance website.
How to participate in the bug bounty
To participate in the bug bounty programme and contribute to the security of Avely Finance’s liquid staking protocol, developers can explore the smart contract after reviewing the programme guidelines.
If you believe you have discovered a vulnerability in the smart contract code, send a detailed report to the Avely Finance team at [email protected].
The primary objectives of this programme are to detect any vulnerabilities that would need to be addressed before mainnet deployment and to promote transparency within the community while encouraging collaboration between users and the Avely Finance team.
Avely Finance has already commissioned four security audits to examine the liquid staking smart contracts on the Zilliqa testnet and has both added new features and addressed minor issues based on the feedback of those reports.
The bug bounty programme will continue for a period of three weeks. Once this period has elapsed, any vulnerabilities that have been discovered will be fixed and the Avely Finance team will then aim to deploy the liquid staking protocol on the Zilliqa mainnet.
Avely Finance invited security researchers, developers, and the wider community to participate in the bug bounty programme and earn rewards for identifying any potential vulnerabilities in the smart contract code that powers its liquid staking protocol.
Find out more about Avely Finance on the company’s official website.