Carbon DeFi by Bancor

Eligibility

To be eligible for a reward under this Program, you must:

• Discover a previously unreported, non-public vulnerability in Carbon Defi (but not on any third party platform interacting with Carbon Defi) that is within the scope of this Program. Vulnerabilities must be distinct from issues covered in any of the official security audits.
• Be the first to disclose the unique vulnerability, in compliance with the disclosure requirements above. If similar vulnerabilities are reported within the same 24 hour period, rewards will be split at the discretion of Bprotocol Foundation.
• Provide sufficient information to enable contributors to reproduce and fix the vulnerability.
• Not engage in any unlawful conduct when disclosing the bug, including through threats, demands, or any other coercive tactics.
• Not exploit the vulnerability in any way, including through making it public or by obtaining a profit (other than a reward under this Program).
• Make a good faith effort to avoid privacy violations, destruction of data, interruption or degradation of Carbon Defi.
• Submit only one vulnerability per submission, unless you need to chain vulnerabilities to provide impact regarding any of the vulnerabilities.
• Not submit a vulnerability caused by an underlying issue that is the same as an issue on which a reward has been paid under this program.
• Not be a current or former vendor, contractor or subcontractor to the Bprotocol Foundation
• Not be subject to Swiss sanctions or reside in a Swiss-embargoed country.
• Be at least 18 years of age or, if younger, submit your vulnerability with the consent of your parent or guardian.