Penguin Finance
Search…
Penguin Finance
Intro to Penguin Finance
Getting Started
FAQ
Roadmap
Dapps
Igloos (Yield-Farming)
iPEFI Nest (Staking)
Penguin Launchpad (IDO Platform)
Club Penguin (Pools)
Penguin Emperor (King of the Hill)
Penguin Arena (Gaming dApp)
Penguinomics
PEFI Token
Marketing
Brand Assets
Development
Contracts
Security
Bug Bounty Program
About Us
Penguin Team
Our mission
Powered By GitBook
Bug Bounty Program
The Penguin Finance bug bounty program is an incentive system rewarding white-hat hackers for helping us identify bugs that would result in the loss of user funds, either by direct draining of funds or manipulation of the website's source code to force the user to sign a malicious transaction.

Smart Contracts and Blockchain*

Level
Reward
Critical
15% of VAR, up to $70,000 USD
High
$20,000 USD
Medium
$10,000 USD
Low
$3,000 USD
​
ℹ
 Please note that we now run this bug bounty in partnership with Immunefi.

Website and Apps

Level
Reward
Critical
$5,500 USD
High
$3,250 USD
Medium
$1,200 USD

In Scope:

Program Exclusions:

  • XSS reports are restricted to those that have an impact of prompting a user to sign a transaction or a redirect
  • Missing HTTP security headers
  • Missing cookie flags on non-sensitive cookies
  • Missing best practices in SSL/TLS configuration
  • Attacks requiring MITM or physical access to a user's device
All bug reports must include proof of concept and remediation steps to be eligible for a reward. Please use CVSSv3 to determine the severity of the bug.
All payouts are done by the Penguin Finance team and are pegged to the USD values set here and are payable in PEFI or DAI.
To report a bug, message @pefidev or @codypefi on Telegram.
Development - Previous
Security
Next - About Us
Penguin Team
Last modified 4mo ago
Copy link
Contents
Smart Contracts and Blockchain*
Website and Apps