Overview
dTRINITY takes protocol security seriously and maintains a permanent bug bounty program to encourage the responsible disclosure of vulnerabilities. Up to 10% of dTRINITY’s future governance token supply will be allocated toward bug bounty rewards, with payouts based on the severity and impact of reported findings. Vulnerability submissions are accepted immediately, while eligible rewards will be distributed following dTRINITY’s TGE (token generation event).
Security researchers may submit vulnerability reports to security@dtrinity.org.
Vulnerability Severity Levels
Level | Reward | Explanation |
Critical | Up to 1.0% of total token supply | The issue is reasonably likely to result in the theft, loss, unauthorized minting, freezing, or permanent compromise of significant protocol or user funds, protocol insolvency, or compromise of critical protocol infrastructure. Immediate remediation is required. |
High | Up to 0.25% of total token supply | The issue is reasonably likely to result in significant losses, protocol compromise, severe economic impact, or serious consequences for large numbers of users. |
Medium | Up to 0.05% of total token supply | The issue affects a subset of users or protocol functionality and is reasonably likely to result in moderate financial impact or disruption. |
Low | Up to 0.01% of total token supply | The risk is relatively small and could not be exploited on a recurring basis, or is a risk that the protocol has indicated is not important or impactful. |
Informational | Recognition only or discretionary reward | The issue does not pose an immediate threat to continued operation or usage, but is relevant for security best practices, software engineering best practices, code quality, or defensive redundancy. |