Coinlend DeFi Bug Bounty Program

At Coinlend, we deeply value the security of our users and strive for the highest standards in ensuring our smart contracts are secure and free from vulnerabilities. We understand that no technology is perfect, and we believe that working with skilled security researchers across the globe is crucial in identifying weaknesses in our technology.

To encourage the responsible disclosure of potential vulnerabilities, we have established the Coinlend DeFi Bug Bounty Program. If you discover a bug, we appreciate your support in reporting it to us so we can resolve it as soon as possible.

Scope

The bug bounty program primarily focuses on the Coinlend DeFi Solidity smart contract at the following address: 0xE4D71Cf48BD7aBe48f467C19a56c7505E1094E5a.

Please be aware that our Bug Bounty Program will be running until the 31st of August, 2023. We encourage you to participate and contribute to the security of our smart contract during this period.

Rules

We request that all security researchers:

1. Make every effort to respect privacy, avoid data destruction, and prevent service disruption.
2. Only use their own accounts for testing vulnerabilities, to avoid impacting other users or the functioning of the contract.
3. Do not perform any attack that could harm the reliability/integrity of our services or data. DDoS/spam attacks are not allowed.
4. Do not publicly disclose a bug before it has been fixed.

Reward

We appreciate the time and effort involved in finding bugs, and as a token of our gratitude, we offer a reward of 300 USD, paid in Ethereum, for every security-relevant bug reported in the smart contract.

Reporting a Bug

Please submit your reports via email to contact@coinlend.org with the following details:

1. A brief description of the potential vulnerability.
2. Steps for reproducing the vulnerability, including any scripts or tools.
3. Your assessment of the impact and severity of the issue.
4. Any suggestions you have for remediation.

Upon receipt of your report, we will:

1. Acknowledge receipt of your vulnerability report.
2. Work to validate and reproduce the issue.
3. Work on a fix and release it as soon as it is ready.
4. Keep you informed about the progress.

Your responsible disclosure will be appreciated and publicly acknowledged (unless you prefer to stay anonymous).

Thank you for your assistance in keeping Coinlend and our users safe!

Frontend Testing

We are excited to involve our valuable users in this process. To provide you with a firsthand experience of our new service, Coinlend DeFi, you can interact with the frontend on the Sepolia Testnet. Visit https://www.coinlenddefi.com/ to explore the interface and test out its functionalities.

To facilitate your testing, we have also set up a faucet. This allows you to claim tokens and use them for testing purposes. You can access the faucet at https://www.coinlenddefi.com/claim/. Additionally, you can obtain free Sepolia ETH testcoins for your testing needs at https://sepoliafaucet.com/.

Please note that our Bug Bounty Program specifically covers security issues in the smart contract. While we appreciate any feedback on our frontend, the bug bounty rewards are specifically for vulnerabilities discovered in our Solidity smart contract. This helps us maintain a strong focus on security as we develop our new DeFi service.

We value your feedback and look forward to any potential vulnerabilities you may discover during your exploration. Your contribution helps us deliver a safer, more reliable service as we move towards the official launch of Coinlend DeFi.