Layer3, a decentralized attention layer project, has launched a bug bounty program that offers rewards of up to $500,000.
This initiative, in partnership with HackenProof, is designed to strengthen the security of multi-chain infrastructure that supports critical functions such as distribution, identity, and incentives across 500+ ecosystems.
Bounties range from $5,000 for medium severity issues to a maximum of $500,000 for critical vulnerabilities. Critical severity issues are rewarded in DEXE tokens on a six-month linear vesting schedule, while other rewards can be paid in stablecoins.
The bounty program focuses on identifying and mitigating vulnerabilities in Layer3’s smart contracts, targeting critical issues that could lead to theft or loss of staked funds, unauthorized transactions, or permanent freezing of assets.
Hackers can submit reports of any vulnerability, even those that fall outside of the specified categories, as long as they comply with the program rules. The HackenProof team will review and classify each submission.
Layer3 vulnerabilities definition
Layer3 has clearly defined what is “in scope” and “out of scope” vulnerabilities.
Vulnerabilities in scope include unauthorized fund transfers, bypassing access controls, and emergency withdrawals. Out-of-scope issues include gas optimizations and other non-critical aspects that do not directly impact the functionality of the smart contract.
Program rules
Participants must adhere to strict program guidelines, such as submitting one vulnerability per report and providing a proof of concept for all severity levels. Testing must be conducted only within a defined scope, and any actions that could disrupt services or compromise personal data must be avoided.
The program also prohibits activities such as DoS/DDoS attacks, social engineering, and the use of automated tools to spam forms.