[New Bug Bounty] ShapeShift Has Launched Bug Bounty With Up to $10,000 Reward Per Critical Vulnerability

Alex Horlan
Head of Triage, HackenProof
4 Nov, 2022
1 Minute Read

Meet ShapeShift

ShapeShift by Fox Foundation is an engaged community of builders actively working to advance the state of crypto trading, investing, and access to open, decentralized financial systems. It is an open-source, multi-chain, self-custody crypto platform enabling billions to achieve financial sovereignty.

Check Out The Rewards

If you find a vulnerability according to the bounty rules, ShapeShift will reward you:

  • Critical: $5,000 – $10,000
  • High: $2,000 – $5,000
  • Medium: $500 – $1,500
  • Low: $50 – $500

Join The Bounty Hunt

There are 6 targets to scope:

  • 3 Websites
  • 2 API
  • 1 Android app

Make sure your reports contain info about these incidents:

  • Any smart contract code developed by the DAO
  • Any smart contract code deployed by the DAO on-chain on a mainnet (i.e. L2s are in-scope, but not testnets)
  • The specific projects hosted at the following GitHub repositories:
  • shapeshift/web
  • shapeshift/lib
  • shapeshift/unchained
  • shapeshift/hdwallet
  • Any software hosted under the ShapeShift GitHub Org or the @shapeshiftoss NPM org, if it’s a dependency of something else in-scope
  • Examples of dependencies that are in-scope: shapeshift/fiojs
  • Examples of things that are hosted in these locations, but aren’t dependencies of something in-scope: shapeshift/cluster-launcher shapeshift/foxfarm keepkey/python-keepkey keepkey/device-protocol

To increase your chances of finding a critical bug, read ShapeShift documentation here.

Once you’re ready, click here to join the bounty hunt!

Read more on HackenProof Blog