SOY Finance Bug Bounty

Contribute to our security and get rewarded!

Scope

1. SoyFinanceFactory.sol.

2. SoyFinanceRouter.sol.

3. SoyToken.sol.

4. StakingRewards.sol.

5. WCLO.sol.

6. Ownable.sol

7. CLOE_ERC20.sol

8. Multicall.sol

Excluded

1. airdrop.sol

Contracts Overview

This contract system is an implementation of a decentralized exchange that features automated market making. The contract system is deployed at Callisto Network Mainnet:

• Airdrop contract 0x06C0D53112b522c2cAA0B150Dc431386ceeC0cf0

• SOY token (sushi fork) 0x9427B6804e630Fed4e59000aC1D6C6bC9D6d1f6d

• CLOE token 0x1eAa43544dAa399b87EEcFcC6Fa579D5ea4A61870

• WCLO (wrapped CLO) token 0xC63c95d1d4f945141fE86EF978D6b99B8e3905d5

• SoyFinanceFactory 0x4A336fc533D28961c0E1de64b2083019b09cf3Ec

• SoyFinanceRouter 0xB4dDe88Fd2D7Cf5AA0880fa2Ec893124Cbbe0FA3

• Multicall contract 0x8bA3D23241c7044bE703afAF2A728FdBc16f5F6f

Bug Bounty

GENERAL NOTE: only technical issues must be considered here. Trading losses or the lack of liquidity caused by insufficient engagement are not considered contract-related issues.

$15,000 for finding a critical vulnerability.

A critical vulnerability is a vulnerability that can be directly exploited at any time and cause:

• Total breach of the contract system and the loss of operability.

• Allow the withdrawal of funds or exchange of funds at an unexpected rate which can be exploited to the attacker’s advantage.

• Any circumstance at which one user of the contract can cause a direct loss of funds for another user.

$3,000 for finding a medium severity vulnerability

A critical vulnerability is a vulnerability that can be exploited in some specific circumstances and cause:

• Violation of access restrictions and performing owner-restricted functions without permission.

• Total or partial breach of the contract system and partial loss of operability.

• Allow the withdrawal of funds or exchange of funds at an unexpected rate which can be exploited to the attacker’s advantage.

• Any circumstance at which one user of the contract can cause a direct loss of funds for another user.

$100–500 for code flaws that can not violate contract workflow.

Any code flaw reports and suggestions that can improve the SoyFinance workflow. This bounty will be paid if the suggested solution will be implemented in the final version of the contract system.

Participating

Submit an issue at the SoyFinance contracts repo: https://github.com/SoyFinance/smart-contracts/issues

The bugbounty will last for 20 days since the announcement. All reports submitted to the GitHub issues thread during this timeframe will be reviewed by members of the Callisto Security Department.

The first person to submit a bug report will be awarded a bounty if the reported issue is considered a vulnerability consistent with the bugbounty scope.

Payment method: the bounty can be paid in CLO or USDT. The requester must negotiate the payment method in the corresponding issue thread at GitHub and provide the payment address there. The transaction hash will be published in the same thread as proof after the payment is confirmed.

Questions: dexaran@callisto.network