League of Traders is running a Bug Bounty Program during the tLGT staking test.
Participants who report valid bugs can earn up to $3,000 in rewards.
Bug severity and its impact determine the reward tier:
Level | Description | Reward Range |
🟥 Critical | Major threats such as loss of user funds, irreversible state changes, or blocking mainnet deployment. | $1,000 – $3,000 |
🟧 Major | Significant issues that disrupt staking functionality under specific conditions. | $200 – $1,000 |
🟨 Minor | Minor issues that do not affect functionality, but may cause confusion. | $30 – $200 |
💡 Rewards are paid in LOT tokens or equivalent, and all reports are reviewed and classified based on internal evaluation criteria.
Scope
The following areas are included in the scope of this bug bounty program:
The full scope of
projects/token-farm/contracts/TokenFarm.solLOT staking-related smart contracts
All staking contracts deployed on testnet (e.g., lockup, reward, claim, unstake logic)
Issues involving lockup periods, reward omission, duplicate claims, or finalization errors
League of Traders test frontend interface
Incorrect display or inconsistent states on the staking screen
Logic errors that affect user interaction
Wallet connection and signature handling
Signature forgery, incorrect address validation, wallet switching errors, approval failures
Staking-related RPC/backend integrations
Transaction broadcast failures, inaccurate state syncing, reward discrepancies due to timing
Any structural bug that may cause actual loss of user assets (LOT)
Out of Scope
The following types of issues are not eligible for bug bounty rewards:
Purely theoretical issues with no concrete proof or reproducibility
Typical UI-based attack vectors like clickjacking or task hijacking (e.g., Strandhogg)
Minor rounding errors with negligible numerical impact
Vulnerabilities that rely on extreme or unrealistic market conditions
Missing or improperly set cache-control headers
Visual/UI feedback, copy errors, style differences, or cosmetic issues
Suggestions for gas optimization or micro-level efficiency improvements
DDoS attacks, brute-force attempts, or network delay simulations
Issues caused by third-party code or open-source libraries
Bugs that are already known and publicly disclosed by the League of Traders team
Notes
Submitted reports will be used to improve the stability and security of the LOT staking protocol.
Once reviewed or resolved, eligible reporters will be contacted individually regarding their reward.
Even if found on the testnet, bugs that pose a real structural risk to the production environment will be prioritized for review.