Full Sail operates a targeted, high-severity bug bounty program focused on issues that pose a credible risk to user funds, protocol logic, or core contract integrity. This program is designed to reward meaningful contributions that enhance the safety and resilience of the protocol.Documentation Index
Fetch the complete documentation index at: https://docs.fullsail.finance/llms.txt
Use this file to discover all available pages before exploring further.
In-Scope Targets
- All deployed Full Sail DEX smart contracts
- Frontend vulnerabilities that can lead to:
- User fund misdirection
- Arbitrary contract calls
- Manipulation of swaps/liquidity position state
Out-of-Scope Submissions
- Email spoofing
- Social engineering or phishing tricks
- Broken links, typos, UI polish issues
- “Best practices” suggestions with no exploitable vector
Reward Tiers
| Severity | Reward Range | Example Bugs |
|---|---|---|
| Critical | 5,000 USDC – 25,000 USDC | Full asset drain, bypass of swap/LP limits, price manipulation via logic flaw, contract ownership takeover |
| High | 1,000 USDC – 5,000 USDC | Locked funds, incorrect accounting, ability to grief LPs or force mispriced trades |
Submission Requirements
To be considered for a reward, reports must include:- A clear description of the bug
- Step-by-step reproduction instructions (e.g. code snippet or testnet transaction)
- Explanation of the impact (financial, functional, or security)
- Suggested fix (optional, but helpful)