Bug Bounty Program

Fantastic Bug Bounty

We offer a bounty reward for bug discoveries. A user who has found a vulnerability or bug in our code, and wants to get rewarded for that, must contact a Fantastic team member. (Socials links)

The security of our system is of paramount importance to us. While we continue conducting professional audits for the whole system, a bug bounty program is necessary to also ensure the platform’s safety.

This program is intended to work with independent security researchers across the globe and set out our definition of good faith in the context of finding and reporting vulnerabilities, as well as what users can expect from us in return. Should you encounter a security vulnerability in one of our products, we want to hear from you. We believe that the Fantastic ecosystem will be further bolstered with support from our community.

Scope

Issues that can lead to substantial loss of money, critical bugs like a broken live-ness condition, blocking system or irreversible loss of funds.

Exclusions

The following vulnerabilities are excluded from the rewards for this bug bounty program:

• Attacks that the reporter has already exploited themselves, leading to damage

• Attacks requiring access to leaked keys/credentials

• Attacks requiring access to privileged addresses (governance, strategist)

Eligibility

• You must be the first reporter of the vulnerability

• Provide enough information about the vulnerability

Rewards

Rewards are distributed according to the impact of the vulnerability. Our Bounty Reward Program contains a total of $50,000 at the moment.