The CronaSwap bug bounty program is focused on our smart contracts, websites, and apps with a primary interest in the prevention of loss of user funds, either by direct draining of locked funds or social engineering attacks by redirecting users or forcing them to sign a transaction.
Smart Contracts and Blockchain
Website and Apps
*XSS reports are restricted to those that have an impact of prompting a user to sign a transaction or a redirect.
Important details to note
All smart contract/web/app bug reports must include a PoC (Proof of Concept) demonstrating how the vulnerability can be exploited to be eligible for a reward.
Payouts are handled by the CronaSwap team directly and are denominated in USD. However, payouts are done in either CRONA or USDC.