We are excited to announce our upcoming audit competition with HATS Finance. In this competition, participants worldwide will be searching for vulnerabilities in the VMEX’s codebase, with prizes awarded based on the severity of each vulnerability found. We’re excited to leverage HATS’ network of security researchers committed to developing a safer infrastructure for all users in the DeFi ecosystem.
The audit competition starts June 19, 2023, 18:00:00 GMT, and ends July 3, 2023, 18:00:00 GMT.
Starting June 19th, a new vault will open in the Hats dApp — “VMEX Finance Audit competition.” Participants can check the contracts in scope and start searching for bugs.
Submissions should be made using the Dapp in the “VMEX audit competition” vault. You can submit one on-chain submission mentioning all issues found on the repo. Please send a plain ASCII following the following format:
[TITLE]: a short description of the issue.
SEVERITY (either High, Medium, or Low; see the rules)
Report template:
Description - Describe the context and the effect of the vulnerability.
Attack scenario - Describe how the vulnerability can be exploited.
Attachment - Proof of Concept (PoC) File: You must provide a file containing a proof of concept (PoC) that demonstrates the vulnerability you have discovered.
Revised Code File (Optional): If possible, please provide a second file containing the revised code that offers a potential fix for the vulnerability. This file should include the following information:
Recommendation - Describe a patch or a potential fix for the vulnerability.
15K cap for one high issue
$12K allocated for Medium Severity tasks
$1.5K allocated for Low Severity tasks
$1.5K allocated for Gas Savings tasks
High severity description
Issues that lead to the loss of user funds, such issues include:
Medium severity description:
Issues are issues that lead to an economic loss but do not lead to direct loss of on-chain assets. Examples are:
Low severity description:
Issues where the behavior of the contracts differs from the intended behavior (as described in the docs and by common sense), but no funds are at risk.
Reporters will not receive a bounty for any known issue, such as
Gas saving description:
This competition will reward participants with ideas to maximize gas savings.
The prize pool will reward $1.5k.
The guidelines are as follows:
The security and protection for users in the DeFi ecosystem is a top priority for VMEX, and the opportunity for collaboration with HATS Finance offers a great way for our community to contribute towards the development of a safer, more secure environment for DeFi users across the industry.
We'll share important updates on our Twitter and Discord throughout the audit competition. Stay tuned for more details.
VMEX Finance © 2023