Bug Bounties

The rissot.to bug bounty program is focused around our smart contracts, websites, and apps with a primary interest in the prevention of loss of user funds, either by direct draining of locked funds

Smart Contracts and Blockchain*

Level
Critical	up to USD $ (TBC)
High	USD $ (TBC)
Medium	USD $ (TBC)
Low	USD $ (TBC)

*All bug reports must include a Proof of Concept demonstrating how the vulnerability can be exploited to be eligible for a reward. This may be a smart contract itself or a transaction.

Website and Apps

Level
Critical*	USD $ (TBC)
High	USD $ (TBC)
Medium	USD $ (TBC)

*XSS reports are restricted to those that have an impact of prompting a user to sign a transaction or a redirect.

*TBC = To Be Confirmed

All payouts are done by the rissot.to team and are pegged to the USD values set here and are payable in RSOT or USDT.