Lyra Bug Bounty

Lyra is joining Immunefi to launch a smart contract bug bounty with up to $50,000 in rewards for critical vulnerabilities.

Lyra is an options trading protocol on Ethereum. Designed natively for Optimism, Lyra is the first protocol to manage risk for liquidity providers, allowing it to offer the best on-chain pricing for traders.

Immunefi is the leading bug bounty and security services platform for DeFi, which features the world’s largest bounties and the first ever operational bug bounty protocol. Immunefi guards over $25 billion in user funds across projects like Belt Finance, Synthetix, Chainlink, SushiSwap, PancakeSwap, Bancor, Cream Finance, Compound, Alchemix, Nexus Mutual, and others.

The purpose of this bug bounty is to incentivize ethical disclosure of smart contract vulnerabilities and decentralized code review over time to complement the reviews completed during static audits. This program allows for the Lyra codebase to be verified by an entire community of programmers rather than typical audits which engage a single audit firm.

The bounty rewards:

Whitehat hackers get rewarded in accordance with the severity of the vulnerabilities that they discover.

• Critical: Empty or freeze the contract's holdings e.g. economic attacks, flash loans, reentrancy, MEV, logic errors, integer over-/under-flow ($50,000)
• High: Token holders temporarily unable to transfer holdings, transient consensus failures ($10,000)
• Medium: Huge gas consumption and denial of service ($5,000)
• Low: Contract fails to deliver promised returns, but doesn't lose value ($1,000)

Scenarios in scope:

• Re-entrancy
• Logic errors
• Solidity/EVM details not considered
• Trusting trust/dependency vulnerabilities
• Oracle failure/manipulation
• Novel governance attacks
• Economic/financial attacks
• Congestion and scalability
• Consensus failures
• Cryptography problems
• Susceptibility to block timestamp manipulation
• Missing access controls / unprotected internal or debugging interfaces

Scenarios out of scope:

• Attacks that the reporter has already exploited themselves, leading to damage
• Attacks requiring access to leaked keys/credentials
• Attacks requiring access to privileged addresses (governance, strategist)
• Incorrect data supplied by third party oracles
• Basic economic governance attacks (e.g. 51% attack)
• Lack of liquidity
• Best practice critiques
• Sybil attacks

You can read more details of the Lyra bug bounty here

Join the Community

Stay tuned for more important updates, key date announcements, and exciting opportunities by following us on Twitter.

Join the Lyra community on Discord to get involved; provide early feedback, be the first to learn about new opportunities with Lyra, and be a part of building a new DeFi community.