ShapeShift by Fox Foundation is an engaged community of builders actively working to advance the state of crypto trading, investing, and access to open, decentralized financial systems. It is an open-source, multi-chain, self-custody crypto platform enabling billions to achieve financial sovereignty.
Check Out The Rewards
If you find a vulnerability according to the bounty rules, ShapeShift will reward you:
- Critical: $5,000 – $10,000
- High: $2,000 – $5,000
- Medium: $500 – $1,500
- Low: $50 – $500
Join The Bounty Hunt
There are 6 targets to scope:
- 3 Websites
- 2 API
- 1 Android app
Make sure your reports contain info about these incidents:
- Any smart contract code developed by the DAO
- Any smart contract code deployed by the DAO on-chain on a mainnet (i.e. L2s are in-scope, but not testnets)
- The specific projects hosted at the following GitHub repositories:
- Any software hosted under the ShapeShift GitHub Org or the @shapeshiftoss NPM org, if it’s a dependency of something else in-scope
- Examples of dependencies that are in-scope: shapeshift/fiojs
- Examples of things that are hosted in these locations, but aren’t dependencies of something in-scope: shapeshift/cluster-launcher shapeshift/foxfarm keepkey/python-keepkey keepkey/device-protocol
To increase your chances of finding a critical bug, read ShapeShift documentation here.
Once you’re ready, click here to join the bounty hunt!