On Dec. 4, the AirSwap team said that the value of the bug bounty rewards will depend on the severity of the bug found, according to the OWASP risk rating methodology and as judged by the AirSwap team.
The AirSwap bug bounty rewards go up to 250 DAI for a low-level fix, and up to 2,000 DAI for a high-level fix. If the AirSwap team decides that the risk severity has reached a critical level, the reward will go up to 20,000 DAI.
In September, the AirSwap team announced that they had discovered a critical vulnerability in the system’s new smart contract, which was reportedly immediately reverted to an older version after the issue was detected.
AirSwap noted at the time that neither AirSwap’s Instant nor Trader products were affected by the vulnerability, and that only nine address owners were required to take action to prevent the loss of funds.
Bug bounties in crypto
As hacks in the crypto world can result in the theft of hundreds of millions of dollars of tokens, cryptocurrency companies often turn to bug bounties in an effort to combat those who pose a real threat to their security systems: hackers.
Often companies will offer bounties on a staggered scale, with the reward price corresponding to the severity of the bug. Bounties can start as low as $50 or $100 for low-level fixes, to $10,000 and more for critical bugs.
In October, MakerDAO had to fix a critical bug that could have resulted in a complete loss of funds for all platform users. The HackerOne user lucash-dev had disclosed a report that revealed a critical bug in MakerDAO’s planned upgrade, and was rewarded a $50,000 bounty. This bug represented the first critical finding in the MakerDAO’sbounty program.