Bug Bounty

YieldShare is built on a foundation of security and trust. To ensure the ongoing integrity of the protocol and protect user funds, we have instituted a formal Bug Bounty Program. This program incentivizes security researchers and ethical hackers from around the world to proactively identify and report vulnerabilities in our smart contracts and core protocol logic.

Scope: The bug bounty program covers all core YieldShare smart contracts, including but not limited to:

• The main vault and staking ledger logic.

• The dynamic allocation and rebalancing engine.

• The fee calculation and distribution mechanisms.

• The integration modules for Orca and Jupiter.

Reward Structure: Rewards are granted based on the severity and impact of the disclosed vulnerability, determined by the Open Source Security Foundation (OSSF) vulnerability severity classification. Rewards range from $1,000 for low-severity issues up to $100,000 or more for critical, fund-threatening vulnerabilities. All rewards are denominated in USD and payable in USDC or SOL.

Key Guidelines:

• Safe Harbor: Researchers who discover and report vulnerabilities through this program in good faith will not be subject to legal action. We request that you provide us with a reasonable amount of time to resolve the issue before any public disclosure.

• Eligibility: To be eligible for a bounty, the vulnerability must be previously unknown to the YieldShare team and discovered without violating any laws, disrupting the mainnet protocol, or compromising other users' data.

This program underscores our commitment to creating the most secure and reliable yield optimization platform on Solana.