📎Bug Bounty

This Page Outlines Hedgey Bug Bounty Program

Hedgey has a bug bounty program for finding Critical vulnerabilities that can lead to a direct loss of funds from a predefined set of smart contracts outlined below. The Hedgey Bug Bounty Program has $50k USDC which is allocated to the discovery and responsible reporting of critical bugs that would result in the loss of tokens held in Hedgey contracts. To report a bounty, you must have a working proof of concept that would lead to a substantial loss of funds from the most current TokenVesting, TokenLockups, VotingTokenVesting, VotingTokenLockkup, BoundTokenLockup, BoundVotingTokenLockup, or DelegatedClaims contracts "Hedgey Contracts" (as used on app.hedgey.finance.) The proof of concept must use a standard ERC20. ERC20 tokens that are modified, unaudited, or include abnormal tax, rebasing or other fee structures are not included in this bug bounty. The proof of concept must show a clear exploit of the outlined contracts that would result in the loss of funds from the Hedgey contracts which would impact typical users. The proof of concept must not be executed onchain nor shared with any outside parties during the review process. The report must be sent to security@hedgey.finance. A response will be sent to you within 2 business days for next steps. This bounty does not cover front end, back end, or other attacks outside of the set list of smart contracts specifically mentioned in this message.