This bug bounty is set up to reward people who identify bugs in Loopring 3.6.0, a pre-release of Loopring protocol 3.6.
Loopring 3.6 is a zkRollup layer-2 scalability solution for Ether and ERC20 transfer, order-book trading, and AMM swap. The AMM support is new in 3.6.
The Loopring team plans to launch 3.6 on Goerli in late November and on Ethereum mainnet in late December 2020.
The following code are considered in-scope for the bounty:
- https://github.com/Loopring/protocols/tree/protocol-36/packages/loopring_v3/contracts/iface, except IProtocolFeeValut.sol, ITokenPriceProvider.sol, ITokenSeller.sol, IUserStakingPool.sol
- https://github.com/Loopring/protocols/tree/protocol-36/packages/loopring_v3/contracts/impl, except ProtocolFeeVault.sol, UniswapTokenSeller.sol, UserStakingPool.sol, and price-providers/
- https://github.com/Loopring/protocols/tree/protocol-36/packages/loopring_v3/contracts/thirdparty, except: chainlink/
We employ OWASP for rating identified bugs based on their likelihood and impact.
The bounty reward is scheduled as follows：
- Critical: 15,000-50,000 LRC
- High: 5,000-15,000 LRC
- Medium: 1,000-5,000 LRC
- Low: up to 1,000 LRC
Please submit issues on https://github.com/Loopring/protocols and add the “bounty” tag. Duplicate bug reports and those for bugs that have already been fixed are not qualified for rewards. Please also note this bounty begins now and ends on November 30th, 2020; rewards will be paid before December 10th.
Disclaimer: Loopring foundation is at the sole and final discretion of these bounty programs.
Loopring is a layer-2 protocol for scalable transfer, order-book trading, and AMM swap on Ethereum using zkRollup. Loopring.io is the first publicly accessible zkRollup exchange on Ethereum mainnet. It is 100% non-custodial, inheriting Ethereum-level security guarantees while capable to perform at a throughput 1000x greater than the current state-of-the-art layer-1 DEXs.