Strike Docs
  • 📖Strike Documentation
  • ⭐Getting Started
    • 🧑‍🏫Guides
    • 🔬Networks
    • 📒Protocol Math
      • sToken and Underlying Decimals
      • Interpreting Exchange Rates
      • Calculating Accrued Interest
      • Calculating the APY Using Rate Per Block
    • 💹Gas Costs
  • 🎙️STokens
    • Mint
    • Redeem
    • Redeem Underlying
    • Borrow
    • Repay Borrow
    • Repay Borrow Behalf
    • Transfer
    • Liquidate Borrow
    • Key Events
    • Error Codes
    • Failure Info
    • Exchange Rate
    • Get Cash
    • Total Borrow
    • Borrow Balance
    • Borrow Rate
    • Total Supply
    • Underlying Balance
    • Supply Rate
    • Total Reserves
    • Reserve Factor
  • ⚙️Comptroller
    • Enter Markets
    • Exit Market
    • Get Assets In
    • Collateral Factor
    • Get Account Liquidity
    • Close Factor
    • Liquidation Incentive
    • Key Events
    • Error Codes
    • Failure Info
    • STRK Distribution Speeds
    • Claim STRK
    • Market Metadata
  • 👨‍👩‍👦Governance
    • Delegate
    • Delegate By Signature
    • Get Current Votes
    • Get Prior Votes
    • Key Events
    • Governor Alpha
    • Quorum Votes
    • Proposal Threshold
    • Proposal Max Operations
    • Voting Delay
    • Voting Period
    • Propose
    • Queue
    • Execute
    • Cancel
    • Get Actions
    • Get Receipt
    • State
    • Cast Vote
    • Cast Vote By Signature
    • Timelock
    • Pause Guardian
  • 🔡API
    • STokenService
      • GET: /stoken
    • MarketHistoryService
      • GET: /market_history/graph
    • ProposalService
      • GET: /proposals
      • GET: /proposals/:id
      • GET: /proposals/statistics
    • VoterService
      • GET: /voters/accounts
      • GET: /voters/accounts/:address
      • GET: /voters/history/:address
      • GET: /voters/:proposalId
    • GovernanceService
      • GET: /governance/strike
      • GET: /governance/proposals
      • GET: /governance/proposal_vote_receipts
      • GET: /governance/accounts
    • UserHistoryService
      • GET: /user/history
    • LiquidationService
      • GET: /get_liquidators
      • GET: /get_liquidator:account
      • GET: /get_liquidator_detail:account
      • GET: /liquidator
    • Shared Data Types
  • ⌛Strike.js
    • Strike Constructor
    • API Methods
      • Account
      • sToken
      • Market History
      • Governance
    • sToken Methods
      • Supply
      • Redeem
      • Borrow
      • Repay Borrow
    • STRK Methods
      • To Checksum Address
      • Get Strk Balance
      • Get Strk Accrued
      • Claim Strk
      • Delegate
      • Delegate By Sig
      • Create Delegate Signature
    • Comptroller Methods
      • Enter Markets
      • Exit Market
    • Ethereum Methods
      • Read
      • Trx
      • Get Balance
    • Governance Methods
      • Cast Vote
      • Cast Vote By Sig
      • Create Vote Signature
    • Price Feed Methods
      • Get Price
    • Utility Methods
      • Get Address
      • Get ABI
      • Get Network Name With Chain ID
  • 🤑DeFi 3.0 Vault
  • 🍍Revenue Share Staking
  • 🔒Security
    • Formal Verification
    • Bug Bounty Program
    • Immunefi
Powered by GitBook
On this page

Was this helpful?

  1. Security

Bug Bounty Program

Security is core to our values, and we value the input of hackers acting in good faith to help us maintain the highest standard for the security and safety of the Ethereum ecosystem. The Strike protocol, while it has gone through professional audits and formal verification, depends on new technology that may contain undiscovered vulnerabilities.

Strike encourages the community to audit our contracts and security; we also encourage the responsible disclosure of any issues. This program is intended to recognize the value of working with the community of independent security researchers, and sets out our definition of good faith in the context of finding and reporting vulnerabilities, as well as what you can expect from us in return.

Rewards

Strike offers substantial rewards for discoveries that can prevent the loss of assets, the freezing of assets, or harm to a user, commensurate with the severity and exploitability of the vulnerability. Strike will pay a reward of $500 to $50,000 for eligible discoveries according to the terms and conditions provided below.

Scope

The primary scope of the bug bounty program is for vulnerabilities affecting the on-chain Strike Protocol, deployed to the Ethereum Mainnet, for contract addresses listed in this developer documentation.

This list may change as new contracts are deployed, or as existing contracts are removed from usage. Vulnerabilities in contracts built on top of the Protocol by third-party developers (such as smart contract wallets) are not in-scope, nor are vulnerabilities that require ownership of an admin key.

The secondary scope of the bug bounty program is for vulnerabilities affecting the Strike Interface hosted at app.strike.org that could conceivably result in exploitation of user accounts.

Finally, test contracts (Rinkeby and other testnets) and staging servers are out of scope, unless the discovered vulnerability also affects the Strike Protocol or Interface, or could otherwise be exploited in a way that risks user funds.

Disclosure

Submit all bug bounty disclosures to security@strike.org. The disclosure must include clear and concise steps to reproduce the discovered vulnerability in either written or video format. Strike will follow up promptly with acknowledgement of the disclosure.

Terms and Conditions

To be eligible for bug bounty reward consideration, you must:

  • Identify an original, previously unreported, non-public vulnerability within the scope of the Strike bug bounty program as described above.

  • Include sufficient detail in your disclosure to enable our engineers to quickly reproduce, understand, and fix the vulnerability.

  • Be at least 18 years of age.

  • Be reporting in an individual capacity, or if employed by a company, reporting with the company’s written approval to submit a disclosure to Strike.

  • Not be subject to US sanctions or reside in a US-embargoed country.

  • Not be a current or former Strike employee, vendor, contractor, or employee of a Strike vendor or contractor.

To encourage vulnerability research and to avoid any confusion between good-faith hacking and malicious attack, we require that you:

  • Play by the rules, including following the terms and conditions of this program and any other relevant agreements. If there is any inconsistency between this program and any other relevant agreements, the terms of this program will prevail.

  • Report any vulnerability you’ve discovered promptly.

  • Avoid violating the privacy of others, disrupting our systems, destroying data, or harming user experience.

  • Use only security@strike.org to discuss vulnerabilities with us.

  • Keep the details of any discovered vulnerabilities confidential until they are fixed.

  • Perform testing only on in-scope systems, and respect systems and activities which are out-of-scope.

  • Only interact with accounts you own or with explicit permission from the account holder.

  • Not engage in blackmail, extortion, or any other unlawful conduct.

When working with us according to this program, you can expect us to:

  • Pay generous rewards for eligible discoveries based on the severity and exploitability of the discovery, at Strike’s sole discretion

  • Extend Safe Harbor for your vulnerability research that is related to this program, meaning we will not threaten or bring any legal action against anyone who makes a good faith effort to comply with our bug bounty program.

  • Work with you to understand and validate your report, including a timely initial response to the submission.

  • Work to remediate discovered vulnerabilities in a timely manner.

  • Recognize your contribution to improving our security if you are the first to report a unique vulnerability, and your report triggers a code or configuration change.

All reward determinations, including eligibility and payment amount, are made at Strike’s sole discretion. Strike reserves the right to reject submissions and alter the terms and conditions of this program.

PreviousFormal VerificationNextImmunefi

Last updated 1 year ago

Was this helpful?

🔒