Crack the Code: Earn Up to $500K in InceptionLRT’s Bug Bounty Program

December 03, 2024
Share on XShare on Telegram

unnamed.png

At InceptionLRT, security isn't just a priority - it's a core pillar of our mission to deliver a robust, reliable platform for the DeFi ecosystem. To uphold the highest security standards, we're excited to announce our Bug Bounty Program, launched in collaboration with HackenProof. This initiative invites security researchers and ethical hackers to uncover vulnerabilities in our smart contracts and infrastructure.

With rewards reaching up to $500,000 for critical discoveries, this program reflects our commitment to maintaining transparency, trust, and safety across our ecosystem. Here's everything you need to know to participate and contribute to a more secure decentralized future.

Focus Areas of the Bug Bounty Program

The Bug Bounty Program is designed to identify vulnerabilities within InceptionLRT smart contracts. By focusing on critical, high, medium, and low-impact issues, the program ensures comprehensive coverage of potential risks, driving innovation while protecting user funds and protocol integrity.

Impacts in Scope

Participants in the Bug Bounty Program should focus on identifying issues with the following impacts:

1. Critical Impact (Up to $500,000)

  • Governance voting result manipulation.
  • Direct theft of user funds (both at-rest and in-motion).
  • Permanent freezing of funds.
  • Exploitation of miner-extractable value (MEV).
  • Protocol insolvency.

2. High Impact (Up to $50,000)

  • Theft or freezing of unclaimed yield or royalties.
  • Permanent freezing of unclaimed yield or royalties.
  • Temporary freezing of funds for at least 30 days.

3. Medium Impact (Up to $5,000)

  • Block stuffing for profit.
  • Griefing attacks (e.g., causing damage without a profit motive).
  • Unbounded gas consumption.
  • Theft of Gas

4. Low Impact (Up to $1,000)

  • Smart contracts failing to deliver promised returns. For a comprehensive breakdown of impacts, visit our program page on HackenProof.

Eligibility Criteria

To qualify for rewards, participants must meet the following requirements:

  • Be the first to report a valid vulnerability.
  • Submit a detailed, reproducible report within 24 hours of discovery through HackenProof.
  • Include any necessary attachments such as proof of concept, screenshots, or relevant code snippets.
  • Comply with coordinated disclosure practices, refraining from publicizing the vulnerability.

Additional rules apply:

  • Reports must be submitted using the email registered with your HackenProof account.
  • Participants must not be former or current employees of InceptionLRT or affiliated contractors. Important: If an attacker can block the contract, but we can resolve the issue by upgrading it, we do not classify this as a permanent freeze. Therefore, we consider it to have a low impact.

Assets in Scope

The InceptionLRT GitHub repository lists all smart contracts included in this program. While the program primarily targets proxy contracts, both current and future implementations are considered in scope. To explore the eligible assets and scope, visit the InceptionLRT GitHub repository.

Exclusions: What’s Out of Scope

Certain vulnerabilities and activities are not eligible for rewards, including:

  • Attacks requiring leaked credentials or privileged access.
  • Issues stemming from third-party systems, oracles, or non-eligible contracts.
  • Denial-of-service (DoS) attacks or automated testing generating excessive traffic.
  • Sybil attacks, centralization risks, or critiques of best practices.

Participants are prohibited from testing on public testnets or mainnet environments. Additionally, phishing, social engineering, or testing external third-party systems is strictly prohibited.

Reward Range

The reward structure is designed to reflect the severity of the vulnerability:

  • Critical Impact: $5,000 - $500,000
  • High Impact: $5,000 - $50,000
  • Medium Impact: $1,000 - $5,000
  • Low Impact: $100 - $1,000

Rewards are capped at 5% of the potential loss associated with the vulnerability.

Why Participate?

The Bug Bounty Program is your chance to:

  • Increase DeFi security by contributing to one of the most innovative restaking platforms in the space.
  • Earn competitive rewards for your efforts.
  • Join a community of developers, ethical hackers, and researchers dedicated to improving decentralized systems.

By participating, you play an active role in strengthening the DeFi landscape, ensuring its growth and long-term stability.

Get Started

Are you ready to contribute to a safer decentralized future? Head over to HackenProof to learn more, review the rules, and submit your findings.

Together, we can make InceptionLRT a benchmark for security and reliability in the DeFi space.

Logo
Links
Products