The program covers Pact's Smart Contracts and Frontend / Backend vulnerabilities.
Rewards
Severity
Payout
Critical
up to 100 000 USD
High
25 000 USD
Medium
5 000 USD
Scope
All smart contract in our Github repo are in scope. You can find them deployed on MainNet by checking our pools at https://app.pact.fi. PyTeal source code will be released in Q2/Q3 2022.
Web vulnerabilities in scope are those which lead directly and unequivocally to loss of user funds, such as by spoofing transactions on the Pact interface.
​
Out of Scope & Rules
​
All programs
Attacks that the reporter has already exploited himself, leading to damage
Attacks that rely on social engineering
Attacks requiring access to leaked keys/credentials
Attacks already reported or published
Smart Contracts/Blockchain
Incorrect data supplied by third party oracles/exchange rate being outdated
Not to exclude oracle manipulation/flash loan attacks