Bug Bounty

In addition to regular audits, we have a bug bounty program for the Azoth main contracts on Ethereum.

1. Introduction

At Azoth, we prioritize the security and integrity of our blockchain-based RWA (Real-World Asset) platform. To ensure the highest level of protection for our users and assets, we invite security researchers, ethical hackers, and the broader community to participate in our Bug Bounty Program.

This program rewards individuals who responsibly disclose vulnerabilities in our smart contracts, web applications, APIs, and other critical infrastructure.

2. Scope & Eligibility

In-Scope Targets

  • ✅ Smart Contracts (Ethereum, Arbitrum and other supported chains)

  • ✅ Web Application (https://azoth.finance)

  • ✅ Mobile App (coming soon)

  • ✅ API Endpoints (REST)

  • ✅ Blockchain-Related Issues (e.g., governance, oracle manipulation)

Out-of-Scope

  • ❌ Third-party services (unless directly integrated with Azoth)

  • ❌ Phishing/Social Engineering (unless it exploits a technical flaw)

  • ❌ Low-severity UI/UX issues (e.g., typos, minor display glitches)

  • ❌ Theoretical vulnerabilities without PoC

Eligibility:

  • Participants must follow responsible disclosure guidelines.

  • Publicly disclosing a vulnerability before approval will disqualify you.

  • Azoth team members and auditors are ineligible.


3. Vulnerability Classification & Rewards

Rewards are based on severity (CVSS v3.1) and impact.

| Severity | Examples | Reward (Points) |
| --- | --- | --- |
| Critical (9.0+) | Smart contract theft, fund loss, private key leak | 5,000–50,000 |
| High (7.0-8.9) | Unauthorized access, oracle manipulation | 2,000–5,000 |
| Medium (4.0-6.9) | Logic errors, improper access control | 500–2,000 |
| Low (0.1-3.9) | Minor bugs, informational findings | 100–500 |

Note:

  • Rewards may be adjusted based on exploit complexity.

  • Duplicate reports receive no reward (first submitter wins).


4. Submission Process

  1. Identify a vulnerability within the scope.

  2. Submit a report via email to: security@azoth.finance

    Include:

    • Description of the issue

    • Steps to reproduce (with screenshots/video if possible)

    • Impact assessment

    • Suggested fix (optional but appreciated)

  3. Await response (we aim to acknowledge within 48 hours).

  4. Fix validation – Our team will verify and may request additional details.

  5. Reward payment – After confirmation, rewards are paid in USDC/ETH or other agreed methods.


  • Do not exploit vulnerabilities (e.g., stealing funds, disrupting services).

  • No public disclosure before Azoth approves it.

  • Comply with laws – Ethical hacking only.

  • No spam/low-effort reports (they will be ignored).

Azoth reserves the right to modify program terms at any time.


6. Contact

For questions, contact:

  • 📧 security@azoth.finance

  • 🔗 Azoth Security Portal


Thank you for helping secure Azoth! 🚀
