The CronaSwap bug bounty program is focused on our smart contracts, websites, and apps with a primary interest in the prevention of loss of user funds, either by direct draining of locked funds or social engineering attacks by redirecting users or forcing them to sign a transaction.

Smart Contracts and Blockchain

Website and Apps

*XSS reports are restricted to those that have an impact of prompting a user to sign a transaction or a redirect.

Important details to note

All smart contract/web/app bug reports must include a PoC (Proof of Concept) demonstrating how the vulnerability can be exploited to be eligible for a reward.

Payouts are handled by the CronaSwap team directly and are denominated in USD. However, payouts are done in either CRONA or USDC.