« Back

Velvet.Capital Bug Bounty

Outdated2022/09/21 → 2022/12/20, 15:44



  • Development
  • websites
  • contracts
  • bugs
  • security
Payment network
Binance Smart Chain
Txn ID: 0xa5d8...fc0d
Multiple winners

Program Overview

Velvet.Capital makes DeFi simpler and safer by helping you diversify across assets, ecosystems and yield farming solutions.

It's a DeFi Asset Management protocol that helps people & institutions create index funds and other structured financial products as well as manage their portfolios on-chain.

For more information about Velvet.Capital, please visit https://velvet.capital

Reward by Threat Level

All bug reports must come with a Proof of Concept (PoC) with an end-effect impacting an asset-in-scope in order to be considered for a reward. Explanations and statements are not accepted as PoC and code is required.

Payouts are handled by the Velvet.Capital team directly, are denominated in USD and paid in BNB.

Threat Level: -Critical, $100 -High, $75 -Medium, $25

Impacts in scope

Smart Contract

Critical -Direct theft of any user funds -Permanent freezing of funds

Web3 app

Critical -Direct theft of any user funds

High -Take Over User Account -Change Website data without admin permission

Medium -Change User Data without login

Ignore -Theoretical vulnerabilities without any proof or demonstration -DDos Attack -Attacks requiring physical access to the victim device -Website display or business logic error

Assets in scope

Contract 0x3527069C603b7d818aA0D3c15Bd4d8d5914aD66a 0xCE5a3270e5904260B7E4F4CC6e105401ce08788D

Web3 app https://app.velvet.capital

  • Lamych submitted a solution on 2022/12/12 23:57:49
    So interesting app, without slow transactions and visibles bugs.

  • phanhai93 submitted a solution on 2022/09/30 04:04:53
    nguy hai

  • DeFi-Vas created the bounty on 2022/09/21 23:44:25

  • The bounty was expired on 2022/12/20 15:44:24