EDIT: thank you to everyone who has submitted bounties so far. The bug bounty will only continue for bugs in the Synthetix smart contracts from now on.

Traction within the Synthetix ecosystem is growing daily, which means we are starting to uncover more issues. In order to encourage users to report these we are establishing a second bug bounty program. The contracts have been through several rounds of security audits, but we have a lot of surface area especially across the Synthetix dApps, so to ensure the best user experience we want any issues whether security or cosmetic to be raised and resolved.

We will be offering four tiers of bug bounties, each to be paid in sUSD. To report a bug, please practice responsible disclosure via email at bugs@synthetix.io. We will investigate the claim, and if the report is accurate we will pay according to the severity of the finding.

Our reward brackets are below:

Informational: $100 sUSD

Low severity: $500 sUSD

Moderate severity: $1000 sUSD

High severity: $5000 sUSD

Due to the existing priorities for our technical team, we'll be going through the submitted bugs once a month, at which time we'll respond to the bounty hunters and inform them of their eligibility. The only exception will be high severity bugs, which we'll prioritise responding to and rewarding. Please do not DM the Synthetix team on Discord with bug reports as this makes it much harder to track submissions.

Thank you to all the members of our community who are committed to ensuring the Synthetix system grows in strength and security as it grows in traction.