🛡️ Audits & Bug Bounty Rewards

Learn about Factlink's security audits and bug bounty program to help secure the protocol.

Audit & Bug Bounty Programs 🔍

Security is the cornerstone of Factlink’s mission to build a trustless truth protocol on Solana. All our contract code and balances will be publicly verifiable, and we invite security researchers to help us ensure the integrity of our platform. We are actively seeking reputable partners to audit our protocol and are considering rewarding contributions with Factlink tokens upon launch. Below, we outline the structure of our audit and bug bounty programs. 🛡️

Audits 📝

Factlink is currently in a pre-audit phase, with development and internal testing completed. We are looking for reputable auditing firms to thoroughly review our smart contracts on Solana. If you represent a firm interested in auditing Factlink in exchange for Factlink tokens (upon launch), please reach out via Twitter or Discord. Audit reports will be made public to ensure transparency and build trust with our community. 🌟

Bug Bounty Rewards 🐞

Factlink encourages the community to audit our contracts and responsibly disclose any vulnerabilities. Our bug bounty program recognizes the value of working with independent security researchers and defines our commitment to good-faith collaboration. Rewards will be considered in Factlink tokens (post-launch), with amounts varying based on the severity of the bug.

| Severity | Reward Amount in USD (Equivalent in Factlink Tokens) |
| --- | --- |
| Low | $250 |
| Medium | $1,000 |
| High | $5,000 |
| Critical | Up to $20,000 |

Severity is calculated based on the OWASP risk rating model, considering both Impact and Likelihood.

Scope 🔎

The scope of our bug bounty program includes all of Factlink’s production smart contracts on Solana. It does not cover known issues or intended behavior.

In Scope ✅

  • All Factlink Optimistic Oracle and Factum DVM smart contracts deployed to mainnet or noted as applicable.
  • Supporting off-chain code or bots for deployed contracts.

Examples of What’s In Scope 📌

  • Vulnerabilities that allow stealing funds.
  • Issues that freeze funds or make them inaccessible to owners.

Out of Scope ❌

  • Issues already submitted by another user or known to the Factlink team (including undisclosed bugs under active mitigation).
  • Vulnerabilities in third-party contracts built on top of Factlink.
  • Issues requiring admin key ownership.
  • Suggestions for gas efficiency (though appreciated).
  • Known weaknesses or points listed in audit reports.

Submissions ✉️

Please email your submissions to our dedicated bug reporting address, bugs@factlink.xyz. Submissions must include clear, concise steps to reproduce the discovered vulnerability. Until the official address is live, reach out via Discord for guidance.

Terms & Conditions

If you comply with the policies below when reporting a security issue, Factlink will not initiate legal action against you in response to your report. We ask that you:

  • Report vulnerabilities promptly.
  • Avoid violating privacy, disrupting systems, destroying data, or harming user experience.
  • Use only the designated contact channels to discuss vulnerabilities.
  • Keep details of discovered vulnerabilities confidential until publicly announced by Factlink.
  • Perform testing only on in-scope systems and respect out-of-scope boundaries.
  • Refrain from blackmail, extortion, or unlawful conduct.
  • Not be a current or former Factlink team member, vendor, contractor, or related employee.

Public disclosure of a bug or intent to exploit it on mainnet will disqualify the report from a bounty.

All reward determinations, including eligibility and amount, are made at Factlink’s sole discretion. Factlink reserves the right to reject submissions and alter the terms of this program without notice. 🔔