Bug Bounty Program

To further strengthen the security of the AIPaul platform, we operate an ongoing Bug Bounty Program. This program incentivizes ethical hackers, researchers, and developers to responsibly disclose vulnerabilities, helping us identify and fix issues before they can be exploited maliciously.

Scope

The bounty program covers the following components:

  • Prediction Oracle Smart Contract

  • Staking and Reward Smart Contract

  • Governance Smart Contract

  • Web Frontend Applications (aipaul.club, related domains)

  • API Gateway (api.aipaul.club)

Reward Tiers

Severity Level
Reward Range (in $PAUL)

Critical (e.g., fund theft, contract takeover)

20,000 – 50,000 $PAUL

High (e.g., contract freeze, data corruption)

5,000 – 20,000 $PAUL

Medium (e.g., incorrect reward distribution)

1,000 – 5,000 $PAUL

Low (e.g., minor UI/UX issues)

Up to 1,000 $PAUL

Rewards may vary based on severity, impact assessment, and report quality.

Rules and Eligibility

  • Only the first responsible disclosure of a particular vulnerability is eligible for a bounty.

  • Public disclosure of vulnerabilities prior to resolution will disqualify eligibility.

  • Vulnerabilities must be reproducible and clearly documented.

  • Attacks or tests on mainnet contracts without permission are strictly prohibited.

  • Platform employees and contractors are ineligible to participate.

Submission Guidelines

Researchers should submit detailed vulnerability reports via the official Bug Bounty Submission Form (coming soon) or email to: [email protected]

Required information includes:

  • Detailed description of the vulnerability.

  • Step-by-step reproduction instructions.

  • Potential impact assessment.

Acknowledgment

  • Valid reports will be reviewed within 14 days.

  • Rewards will be issued after vulnerability verification and successful patching.

  • Top contributors may be publicly acknowledged (opt-in).

PreviousAudit Reports

Last updated