Security
Last updated
Last updated
The security of Auctus protocol is our highest priority. To ensure top-notch security, Auctus protocol smart contracts were audited by Open Zeppelin and have undergone rigorous internal testing. We also have an ongoing bug bounty program where community members can report any bugs or vulnerabilities.
ACO has completed a full audit with Open Zeppelin. The link to the audit report can be found below.
The bug bounty covers any of the core smart contracts deployed on mainnet. The code can be found at: https://github.com/AuctusProject/aco
The bounty program will pay out rewards according to the severity of a vulnerability. The final reward amount is at the sole discretion of Auctus.
Please report any findings only to contact@auctus.org with full details about any vulnerability and steps / code to reproduce. Allow us time to review and remediate any findings before public disclosure.
Duplicate vulnerabilities. Only the first reporter will be rewarded.
Findings already known as part of a formal audit
Front end bugs;
DDOS attack;
Spamming;
Automated tools
Compromising or misusing third party systems or services.
Reward
Severity
Examples
$5,000 - $15,000
Critical
Stealing collateral assets
Permanently freezing collateral assets
$2,000 - $5,000
High
Severe rounding errors where an attacker can steal significant collateral in excess of any gas costs
$1,000 - $2,000
Medium
Minor rounding errors that allow an attacker to slowly manipulate collateral to their advantage in excess of any gas costs
$0 - $1,000
Low
Informational and code quality based disclosures