Program Overview
Velvet.Capital makes DeFi simpler and safer by helping you diversify across assets, ecosystems and yield farming solutions.
It's a DeFi Asset Management protocol that helps people & institutions create index funds and other structured financial products as well as manage their portfolios on-chain.
For more information about Velvet.Capital, please visit https://velvet.capital
Reward by Threat Level
All bug reports must come with a Proof of Concept (PoC) with an end-effect impacting an asset-in-scope in order to be considered for a reward. Explanations and statements are not accepted as PoC and code is required.
Payouts are handled by the Velvet.Capital team directly, are denominated in USD and paid in BNB.
Threat Level: -Critical, $100 -High, $75 -Medium, $25
Impacts in scope
Smart Contract
Critical -Direct theft of any user funds -Permanent freezing of funds
Web3 app
Critical -Direct theft of any user funds
High -Take Over User Account -Change Website data without admin permission
Medium -Change User Data without login
Ignore -Theoretical vulnerabilities without any proof or demonstration -DDos Attack -Attacks requiring physical access to the victim device -Website display or business logic error
Assets in scope
Contract 0x3527069C603b7d818aA0D3c15Bd4d8d5914aD66a 0xCE5a3270e5904260B7E4F4CC6e105401ce08788D
Web3 app https://app.velvet.capital