EVAA is the first decentralized lending protocol on TON that lets users lend or borrow assets without going to a centralized intermediary.
Check Out The Rewards
If you find a vulnerability according to the bounty rules, EVAA will reward you:
- Critical: $4,500 – $5,000
- High: $2,500 – $3,000
- Medium: $900 – $1,000
- Low: $100 – $200
Join The Bounty Hunt
There are 2 asset types to scope!
- Smart contract
Make sure your reports contain info about these incidents:
- Business logic issues
- Payments manipulation
- Remote code execution (RCE)
- Injection vulnerabilities (SQL, XXE)
- File inclusions (Local & Remote)
- Access Control Issues (IDOR, Privilege Escalation, etc)
- Leakage of sensitive information
- Server-Side Request Forgery (SSRF)
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Directory traversal
- Other vulnerability with a clear potential loss
- Stealing or loss of funds
- Unauthorized transaction
- Transaction manipulation
- Attacks on logic (behavior of the code is different from the business description)
- Over and underflows
To increase your chances of finding a critical bug, read EVAA whitepaper here.
Once you’re ready, click here to join the bounty hunt!