For the DeFi economy to become a consumer-grade banking experience, security has to be at the centre of our platform.
We are pleased to announce that our HackerOne bug bounty program is now public after months as an invite-only bounty program. Combined with our external security audits (see our public GitHub repo) and PCI certification, this puts us in a strong position from a security perspective.
We are calling on security researchers worldwide to help us identify and fix software vulnerabilities on our platform.
What are we interested in?
Software vulnerabilities that affect our users’ assets:
- Their crypto holdings;
- Their sensitive personal data; and,
- Their fiat currency balances.
The most important class of bugs we are looking for is the one that compromises the confidentiality, integrity and availability of users’ assets.
Any vulnerability where an attacker can siphon assets from our users in an unintended way is of most interest to Monolith, and will be rewarded accordingly.
For vulnerabilities relating to our handling of the blockchain and our users’ fiat balances, our bounties will be as follows:
- Critical: $10,000
- High: $4,500
- Medium: $1,500
- Low: $200
For vulnerabilities regarding our mobile apps, our bounties will be as follows:
- Critical: $2,000
- High: $1,000
- Medium: $500
- Low: $100
Rewards are at the discretion of Monolith and we will not be awarding significant bounties for low severity bugs.
Where do I find out more:
We are glad to reward any of you who can help make our platform a safer place for our users and turn the DeFi economy into a consumer-grade banking experience.
— The Monolith Team