Layer3, a decentralized attention layer project, launched a bug bounty program with rewards of up to $500,000.
This initiative, in partnership with HackenProof, is designed to strengthen the security of its omnichain infrastructure, which supports critical functions like distribution, identity, and incentives across more than 500 ecosystems.
Bounties range from $5,000 for medium-severity issues to a maximum of $500,000 for critical vulnerabilities. Critical-severity issues are rewarded with a six-month linear vesting schedule in DEXE tokens, while other bounties may be paid in stablecoins.
The bounty program focuses on identifying and mitigating vulnerabilities within Layer3’s smart contracts. It targets critical issues that could lead to the theft or loss of staked funds, unauthorized transactions, or the permanent freezing of assets.
Hackers can submit reports on any vulnerabilities, even those outside the specified categories, as long as they adhere to the program rules. HackenProof’s team will review and triage each submission.
Layer3’s definition of vulnerabilities
Layer3 has clearly defined what constitutes “in-scope” and “out-of-scope” vulnerabilities.
In-scope vulnerabilities include unauthorized fund transfers, bypassing access controls, and emergency withdrawals. Out-of-scope issues involve gas optimizations and other non-critical aspects that do not directly impact the smart contract’s functionality.
Program rules
Participants must follow strict program rules, including submitting one vulnerability per report and providing a proof of concept for all severity levels. Testing should only occur within a defined scope, avoiding any actions that could disrupt services or compromise personal data.
The program also prohibits activities like DoS/DDoS attacks, social engineering, and using automated tools to spam forms.
