Participate in ParagonsDAO’s Projects – Bug Bounty Program
ParagonsDAO is a community of gamers and investors bridging gaps across traditional gaming, web3 gaming, and decentralized finance (DeFi). Through ParagonsDAO Token ($PDT), you can share in the success of ParagonsDAO (and our game/business partners) through ownership and direction of our Treasury, revenue streams, community, proprietary DeFi solutions and much more!
In cases of repeatable attacks for smart contract bugs, only the first attack will be counted, regardless of whether the smart contract is upgradable, pausable, or killable.
Vulnerabilities found in other bug bounty platforms for ParagonsDAO will not be valid in Hashlock’s Bug Bounty.
This bounty program is limited to high-impact threats to the ParagonsDAO staking contract, which has been implemented on Base here.
– Impacts that have been previously reported to ParagonsDAO outside of this bug bounty program, with sufficient evidence provided to Hashlock
– Impacts requiring attacks that the reporter has already exploited themselves, leading to damage
– Impacts caused by attacks requiring access to leaked keys/credentials
– Impacts caused by attacks requiring access to privileged addresses (governance, strategist) except in such cases where the contracts are intended to have no privileged access to functions that make the attack possible
– Mentions of secrets, access tokens, API keys, private keys, etc. in GitHub will be considered out of scope without proof that they are in use in production
– Best practice recommendations
– Feature requests
– Impacts on test files and configuration files unless stated otherwise in the bug bounty program
– Incorrect data supplied by third party oracles (not to exclude oracle manipulation/flash loan attacks)
– Impacts requiring basic economic and governance attacks (e.g. 51% attack)
– Lack of liquidity impacts
– Impacts from Sybil attacks
– Impacts involving centralization risks
Payouts are handled by the ParagonsDAO team directly and are denominated in USD. However, payments are done in USDC.
This bug bounty only rewards high severity bug submissions. A bug is considered high severity if it causes the following:
– Manipulation of governance voting result deviating from voted outcome and resulting in a direct change from intended effect of original results
– Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield
– Direct theft of any user NFTs, whether at-rest or in-motion, other than unclaimed royalties
– Permanent freezing of funds, or protocol insolvency.
All submissions must include a POC, showing all impacts of the vulnerability.
Refrain from publishing or releasing any vulnerabilities, even resolved ones, outside of this Program without the project’s consent.
You must not be a minor in your jurisdiction of residence, and you must not be employed by a company that does not allow you to participate.
Rewards will be sent via an agreement between the project and the individual directly.
Resources
All code of ParagonsDAO can be found at GitHub. Documentation for the assets provided in the table can be found at ParagonsDAO Docs.
Non Hashlock Audits:
– Zellic audit here
Live since: 9th Sept 2024
KYC Required?: Yes
Maximum Bounty: $20,000
Last Updated: 18th December 2023
ParagonsDAO Smart Contract Audit Report
Hashlocked
Solidity
July 2024
To submit a bug, please email: bug@hashlock.com.au
In your submission, you must include the following details for it to be valid;
You must be willing and able to provide your identity and the POC over video call with the project leads.