Bug Bounty

At InceptionLRT, security is our top priority. To ensure the safety and reliability of our platform, we have launched a comprehensive Bug Bounty Program in collaboration with HackenProof. This program invites security researchers and ethical hackers to identify potential vulnerabilities in our smart contracts and ecosystem, with rewards of up to $500,000 for critical findings.

Focus Areas

The Bug Bounty Program is focused on identifying vulnerabilities within the InceptionLRT smart contracts and infrastructure. All testing should comply with the rules and scope outlined below to qualify for rewards.

Impacts in Scope

The following impacts are eligible under the Bug Bounty Program:

  • Critical Impact (Up to $500,000):

    • Governance voting result manipulation.

    • Direct theft of user funds.

    • Permanent freezing of funds.

    • Miner-extractable value (MEV) exploitation.

    • Protocol insolvency.

  • High Impact (Up to $50,000):

    • Theft of unclaimed yield or royalties.

    • Permanent freezing of unclaimed yield or royalties

    • Temporary freezing of funds (at least 30 days).

  • Medium Impact (Up to $5,000):

    • Block stuffing for profit.

    • Griefing attacks.

    • Unbounded gas consumption.

    • Theft of gas.

  • Low Impact (Up to $1,000):

    • Smart contract failing to deliver promised returns.

For a full list of impacts, visit the HackenProof Bug Bounty Program.

Out of Scope

The following are excluded from the Bug Bounty Program:

  • Attacks requiring leaked credentials or privileged access.

  • Issues stemming from third-party systems, oracles, or non-eligible contracts.

  • Denial-of-service (DoS) attacks or automated testing generating excessive traffic.

  • Sybil attacks, centralization risks, or critiques of best practices.

Participants are prohibited from testing on public testnets or mainnet environments. Additionally, phishing, social engineering, or testing external third-party systems is strictly prohibited.

Eligibility Criteria

To qualify for rewards:

  • Be the first to report a valid vulnerability.

  • Submit a detailed, reproducible report within 24 hours of discovery through HackenProof.

  • Include any necessary attachments such as proof of concept, screenshots, or relevant code snippets.

  • Comply with coordinated disclosure practices, refraining from publicizing the vulnerability.

Additional rules apply:

  • Reports must be submitted using the email registered with your HackenProof account.

  • Participants must not be former or current employees of InceptionLRT or affiliated contractors.

Important: If an attacker can block the contract, but we can resolve the issue by upgrading it, we do not classify this as a permanent freeze. Therefore, we consider it to have a low impact.

Assets in Scope

Only smart contracts listed under the InceptionLRT GitHub repository and defined as in-scope are eligible for consideration. Proxy contracts and their current or future implementations are included.

Range of Rewards

Rewards are based on the severity of the vulnerability:

  • Critical: $5,000 - $500,000

  • High: $5,000 - $50,000

  • Medium: $1,000 - $5,000

  • Low: $100 - $1,000

Join the Effort

Help us make InceptionLRT the most secure and reliable platform in DeFi. Submit your findings and become part of the movement to build a safer decentralized future.

-> InceptionLRTs Bug Bounty Program

PreviousAudit Reports NextKey Risks

Last updated