Program Overview

Velvet.Capital makes DeFi simpler and safer by helping you diversify across assets, ecosystems and yield farming solutions.

It's a DeFi Asset Management protocol that helps people & institutions create index funds and other structured financial products as well as manage their portfolios on-chain.

For more information about Velvet.Capital, please visit https://velvet.capital

Reward by Threat Level

All bug reports must come with a Proof of Concept (PoC) with an end-effect impacting an asset-in-scope in order to be considered for a reward. Explanations and statements are not accepted as PoC and code is required.

Payouts are handled by the Velvet.Capital team directly, are denominated in USD and paid in BNB.

Threat Level: -Critical, $100 -High, $75 -Medium, $25

Impacts in scope

Smart Contract

Critical -Direct theft of any user funds -Permanent freezing of funds

Web3 app

Critical -Direct theft of any user funds

High -Take Over User Account -Change Website data without admin permission

Medium -Change User Data without login

Ignore -Theoretical vulnerabilities without any proof or demonstration -DDos Attack -Attacks requiring physical access to the victim device -Website display or business logic error

Assets in scope

Contract 0x3527069C603b7d818aA0D3c15Bd4d8d5914aD66a 0xCE5a3270e5904260B7E4F4CC6e105401ce08788D

Web3 app https://app.velvet.capital