Bug Bounty Program

The WNS Bug Bounty program covers the Wen New Standard program and the Wen Royalty Distribution program. As new programs are added, this program will cover these as well. The goal of this program is to promote a legal and profitable means for diagnosing and disclosing security information before

Bounty & Breakdown

Bounties for the bug bounty program are as follows:








The descriptions of the different severity of bugs are as follows:

Critical - Significant escalation of Signer privileges or errors in code execution that presents an immediate risk to a significant portion of users.

  • Loss of funds

  • Insertion attacks in transfer hook

  • Cryptographic failures

High - Attackers can modify critical data or behaviors that they should not be able to access. More narrow in impact than critical or less foundational to the protocol, e.g.

  • Modify sensitive data

  • DoS of WNS minting

  • Supply chain attack on SDK

Low - Attackers can violate an expectation for how something is intended to work but allow nearly no escalation of privilege or ability to seriously impact the useability of the protocol. This also includes bugs that result in unintended outcomes for users.

  • Incorrect data writes on mint

  • Unhandled errors

The actual bounty amount is determined by various factors including but not limited to severity, value at risk, and likelihood of being exploited.

Payouts are done in vesting $WEN on Solana.

Reporting Bugs

Fill out this report and leave your preferred communication method. A member from the team will get back to you within 48 hours: https://github.com/wen-community/wen-new-standard/security/advisories/new


The eligible programs are linked below:

Out of Scope Rules

Last updated