📄

Smart Contract

Last Revision: December 4, 2021 Article Status: Published Note: This page may get updated if there are changes to previous information.

Smart Contracts

Audit reports

We are determined to achieve maximum security for all that we do at Sipher. This means that we aim to be transparent in our actions.

In strong collaboration with VeriChains we are proud to share the following audit reports:

VeriChains Token Generation Audit Report & IBCO Audit Report (updated with the 2nd audit report)

Bug bounty

Besides VeriChains we invite all of our community members and beyond to start digging in our contracts in a search for vulnerabilities through our bug bounty program. We find security one of the most important factors and therefore anyone that finds serious vulnerabilities will be rewarded graciously.

What does the bug bounty program cover?

Please be aware that this program is aimed at the smart contracts on-chain. Vulnerabilities found in the contracts on-chain are eligible for a bug bounty. Anything related to web front-end or whatsoever are not part of this program. However we do advise you to contact our team with these issues at our e-mail security@sipher.xyz — we’ll always reward accordingly.

The scope of the bounty program is limited to the liquidity mining contracts above.

How do you score the severity of found vulnerabilities?

To assess the severity of these vulnerabilities or bugs, we will be using the CVSS scoring system as shown in the image below;

image

What can I earn when I find a vulnerability?

We believe that any serious vulnerability should be rewarded accordingly.

Whenever a vulnerability is found that could result in the loss of user funds, we can reward up to $250,000. The exact breakdown of the payments can be found below;

  • Informational — Rewards up to $500
  • Low risk — Rewards up to $1,000
  • Medium risk — Rewards up to $5,000
  • High risk — Rewards up to $50,000
  • Critical vulnerability — Rewards up to $250,000

Payouts will be made in USDC/T after we confirm the vulnerability and the person in question successfully cooperates with our team to solve the issues.

What if I find a vulnerability?

Whenever you find a vulnerability, please reach out to security@sipher.xyz with a clear breakdown of the vulnerability and a way for us to get in touch.