On a case-by-case basis, we'll offer 10% of the value of the hack, up to $50,000.
Each bug bounty submission will be evaluated on a case-by-case basis.
UI-only bugs are omitted.
Please email aryan@sendai.fun with a detailed description of the attack vector. For critical and moderate bugs, we require a proof of concept done on a privately deployed mainnet contract. We will reach back out in 2 business days with additional questions or the next steps on the bug bounty.
Bug bounties will be paid in USDC. Alternative payment methods can be used on a case-by-case basis.
The following are out of scope for the bug bounty:
- Attacks that the reporter has already exploited themselves, leading to damage.
- Attacks requiring access to leaked keys/credentials.
- Attacks requiring access to privileged addresses (governance, admin).
- Third-party, off-chain bot errors.
- Best practice critiques.
- Sybil attacks.
- Attempted phishing or other social engineering attacks involving SendAI contributors or users.
- Denial of service, or automated testing of services that generate significant traffic.