PoolTogether User Guide
Bug Bounties

We encourage responsible disclosure of any smart contract vulnerabilities and will pay up to $22,727 for those.

Last updated 1 year ago

Generation Software Inc. collaborates with Immunefi on a public bug bounty program to incentivize vulnerability disclosures by anyone. Please refer to the PoolTogether bug bounty program overview on Immunefi for the rules and details of the bug bounty, including assets and impacts in scope, out-of-scope activities, limitations, etc.

Past Bounties

PermitAndDepositDai Contract: Unrestricted Sender

Vulnerability: Just prior to launch, a security researcher discovered a flaw in the PermitAndDepositDai contract. This flaw would have allowed an attacker to front-run the "deposit" transaction and take the deposited amount. This would have affected any new deposits to the system.

Mitigation: References to the contract were removed from the user interface, and a fix was immediately deployed to mainnet and published via NPM.

Severity: Medium / High
Date: Thursday, October 22nd, 2020
Reporter: Kevin Foesenek
Payout: $20,000 USD of WETH (transaction)