UFarm Digital

Status: Active

Launched: 24 Feb 2025

Expires: Non-expiring

Max payout: $100,000

Payout quantity: 3

GENERAL INFORMATION

UFarm Asset Management caters to both institutional and private investors. Institutional investors can efficiently manage their digital assets via the platform. Private investors are able to select the most suitable asset manager based on their preferences and an independent scoring system via a web-based application.

Website: https://ufarm.digital

Assets type: Smart Contracts

Chains: Arbitrum

Programming language: Solidity

Product types: DeFi

Project categories: Asset Management

PAYOUTS

Smart Contracts

Critical: $10,000 - $100,000

• Permanent funds freeze
• Protocol Insolvency
• Direct theft of any user funds (at-rest, in-motion)
• Unclaimed yield excluded

High: $1,000 - $10,000

• Unclaimed yield permanent freeze
• Unclaimed yield theft
• Profit oriented block stuffing

Medium: $500 - $1,000

• Unbounded gas consumption
• Gas Theft
• Smart contract incapacitated due to insufficient token funds
• Griefing

Low: up to $100

• A smart contract does not meet the promised returns, yet retains its value

Informational: Not eligible

PROGRAM RULES

• Respect the scope of the program
• Don't discuss or disclose vulnerability information without prior written consent

ELIGIBILITY CRITERIA

• Current employees, vendors (auditors), partners and contractors are not eligible to participate in the bug bounty program

REWARDS AND RECOGNITION

• Payouts are handled by the team directly and are denominated in USD. However, payouts are done in USDT at the discretion of the team
• The bug bounty program reserves the right to adjust award amounts based on the quality and accuracy of submissions within the specified range

SUBMISSION GUIDELINES

• Reports should be submitted through the Remedy platform
• High/Critical severity bug reports should include a runnable Proof of Concept (PoC) in order to prove impact

ASSETS IN SCOPE

Smart Contracts:

• https://github.com/ufarmDigital/

OUT OF SCOPE

• Attacks that the reporter has already exploited themselves, leading to damage
• Attacks requiring access to leaked keys/credentials
• Attacks requiring access to privileged addresses (governance, strategist)
• Incorrect data supplied by third-party oracles (does not exclude oracle manipulation/flash loan attacks)
• Basic economic governance attacks (e.g. 51% attack)
• Lack of liquidity
• Best practice critiques
• Sybil attacks
• Centralization risks
• Impacts requiring basic economic and governance attacks (e.g. 51% attack)
• Impacts from Sybil attacks
• Problems Caused by L1 Gas Pricing
• Freezing of own funds due to mistaken operation
• Impacts from malicious upgrades to third party contracts
• Temporary impacts resulting from configuration adjustment race-conditions