Bug Bounty Program
The Penguin Finance bug bounty program is an incentive system rewarding white-hat hackers for helping us identify bugs that would result in the loss of user funds, either by direct draining of funds or manipulation of the website's source code to force the user to sign a malicious transaction.
- XSS reports are restricted to those that have an impact of prompting a user to sign a transaction or a redirect
- Missing HTTP security headers
- Missing cookie flags on non-sensitive cookies
- Missing best practices in SSL/TLS configuration
- Attacks requiring MITM or physical access to a user's device
All bug reports must include proof of concept and remediation steps to be eligible for a reward. Please use CVSSv3 to determine the severity of the bug.
All payouts are done by the Penguin Finance team and are pegged to the USD values set here and are payable in PEFI or DAI.
To report a bug, message @pefidev or @codypefi on Telegram.