LogoLogo
AppBlogGovSocials
  • What is Premia?
    • Premia Origins
      • History
      • Principles
      • Mission, Vision, & Values
  • Quick Start
  • The Premia Protocol
    • Options on Premia
      • Options Primer
      • Order-book vs. AMM
    • Key Protocol Features
      • Base Layer (Exchange)
      • Depot Layer (Vaults)
      • Messaging Layer (RFQ & OB)
      • Fee Schedule
      • Differentiators
    • Concepts
      • LP Range Orders
      • Trading
      • Orderbook & Request-for-Quote (RFQ)
      • Fees
      • Exercise & Settlement
      • Margin
      • Oracles
      • Liquidity Mining
      • Referral Programs
      • Advanced Exchange Concepts
        • Token Integration Requirements
        • Flash Swaps and Loans
      • Vault Depot
        • What is a Depot?
        • APY Calculation
        • Underwriter Depot
    • Governance
      • Premian Civitas
        • Parliament
        • Blue Descent
        • Premian Assembly
        • "Influence" Politics
      • Voting (vxPremia)
        • vxPremia Manifold
        • vxPremia Rewards
          • Options Liquidity Mining
          • Protocol Commissions
          • AirDrip Initiative
      • Operator & Facilitator Role
        • Operational Expenditure and Maintenance Costs
        • Insurance Fund
      • Meta Economics
  • Developer Center
    • APIs
      • Orderbook API
        • REST API
        • WEBSOCKET
      • Subgraph API
      • Containerized API
        • API Reference
          • Orderbook
            • Quotes
            • Orders
          • Pool
            • Settle
            • Exercise
            • Annihilate
          • Account
            • Collateral Approval
            • Orders
            • Collateral Balances
            • Native Balance
            • Option Balances
          • Pools
            • Find Pools
            • Create Pools
            • Valid Maturities
            • Valid Strikes
          • Oracles
            • IV
            • Spot
          • Vaults
            • Quote
            • Trade
        • WebSockets Reference
          • Authorization
          • Connection
          • Quotes Channel
          • RFQ Channel
    • SDK
      • Guides
      • SDK Technical Docs
    • Contracts
      • Multi-Signature Wallets
      • V3 Protocol
        • Overview
        • Guides
        • Smart Contract Technical Documentation
      • Margin
      • Orderbook
      • vxPremia
      • Universal Router
      • Vaults
    • Integrations
      • Use Cases
      • Code Snippets
    • Subgraph
    • V3 Change log
  • Bots
    • Range Order Bot
  • Resources
    • VIP & Institutional Services
    • Media Kit
    • Bug Bounty
    • Audits
    • Community Groups
    • Research
      • SSVI
    • Legal, Terms, & Disclaimers
      • Terms of Service
      • Privacy Policy
      • Cookie Policy
      • Prohibited Use
      • Affiliate & Advocate Program
      • Self-Service Affiliate Agreement
      • Bug Bounty Terms
      • Academy/Newsletter Disclaimer
      • Trading Competition Terms and Disclaimers
      • Blue Descent
      • Legal Disclaimer
      • Media Disclaimer
      • AML/KYC Policies
      • Intellectual Property
      • Amendments & Updates
      • Contact Us
      • FAQs (WIP)
    • 📰Newsletter
    • 🌊Crypto News Blotter
    • 🎓Academy
    • 🔵Premia Blue (V3)
    • 💎Premia V2 Docs
Powered by GitBook

Terms and Disclaimers

  • Privacy Policy
On this page
  • Bug Bounty Program for Premia Finance
  • Introduction
  • Scope
  • Rewards
  • Eligibility
  • Rules and Guidelines
  • Reporting a Vulnerability
  • Conclusion

Was this helpful?

  1. Resources

Bug Bounty

PreviousMedia KitNextAudits

Last updated 1 year ago

Was this helpful?

Bug Bounty Program for Premia Finance

Introduction

Premia Finance is a decentralized finance (Defi) protocol built on the EVM. As part of our commitment to ensuring the security of our platform, we have established a bug bounty program to encourage the community to report any potential vulnerabilities or issues they may find in our code; white mad hatters are also encouraged to apply. The Premian Republic has deposited 100k USDC into the Hat's Finance Platform under the Community Members looking to add to the bounty amount can find out and .

Scope

The bug bounty program covers all smart contracts and code deployed on the Ethereum mainnet, Arbitrum, Optimism, and Fantom. The program's scope includes any potential vulnerabilities that could lead to the loss of user funds or compromise the integrity of the Premia Finance platform.

Rewards

Rewards for valid bug reports will be distributed per the following guidelines:

  • Critical: Up to 72% of the Bug Bounty Vault

  • High: Up to 27% of the Bug Bounty Vault

  • Medium: Up to 18% of the Bug Bounty Vault

  • Low: Up to 3.6% of the Bug Bounty Vault

The determination of the severity of a bug report will be left to the discretion of the Premia Finance team as outlined by the . 100k USDC has been deposited into the vault at inception; however, there are plans to direct a portion of protocol fees to the vault, as well as community members, are encouraged to contribute to the bounty as well (deposits can be withdrawn at any time under 7d time delay as long as there is no active vulnerability report)

Eligibility

Everyone except the Premia Finance team and their immediate family members are eligible to participate in the bug bounty program. By participating in the program, you agree to abide by the rules and guidelines outlined in this document.

Rules and Guidelines

  • Only previously undisclosed vulnerabilities will be eligible for rewards.

  • The first reporter of a valid vulnerability will receive the reward.

  • Determining the validity of a vulnerability and the severity of the report will be left to the discretion of the Premia Finance team.

  • Duplicate reports of the same vulnerability will not be eligible for rewards.

  • Vulnerabilities already reported by the Premia Finance team or another third-party security researcher will not be eligible for rewards.

  • Attempting to exploit a vulnerability for personal gain will result in disqualification from the program and possible legal action.

  • The Premia Finance team reserves the right to modify or terminate the bug bounty program without notice.

Known Areas where the concern is acknowledged; however, no action will be taken:

  • V2 Contracts utilize the ChainLink function: latestAnswer(), which is no longer the recommended (latestRoundData) method to retrieve Oracle price.

  • V2 Contracts do not utilize the ChainLink variable: latestTimestamp to validate that a stale price is not being utilized.

  • LayerZero vxPremia sendFrom reverts due to out of gas on cross-chain transfers, resulting in storedPayload blockage.

Reporting a Vulnerability

Once the report is received, the Premia Finance team will review the vulnerability and respond with a determination of its validity and severity. If the report is valid, the team will work to fix the vulnerability and distribute the reward to the reporter.

Conclusion

The Premia Finance bug bounty program is an important part of our commitment to security and the protection of user funds. We encourage anyone with knowledge of potential vulnerabilities to participate in the program and help us ensure the integrity of our platform.

For Terms and Conditions please see Bug Bounty Terms

To report a vulnerability, please submit via the Hat's Anon Friendly Portal: If you would like, you can email dev@premia.finance with the subject line "Bug Bounty Program Report". The email should include a detailed description of the vulnerability and steps to reproduce it. Please also include your Arbitrum wallet address for reward distribution. If submitting only via the Hat's vulnerability ticketing system, an email is unnecessary.

About Hats Finance Hats Finance is the first of its kind, community-owned, and decentralized bug bounty protocol. Because security exploits affect all parties involved, Hats Finance facilitates community involvement by allowing users to provide liquidity to their favorite bounties and earn $HAT tokens once they become available. We hope that by allowing community involvement, we can raise awareness of the importance of security in crypto while encouraging white-hat hacker involvement. Learn more about the Hats mechanism and deposit in Premia’s bug bounty through the

Premia Bug Bounty Vault.
more info here
here
Hat's Finance Terms of Use
https://app.hats.finance/vulnerability
here
Hats dApp.