Fishing Frenzy Wiki
  • Vision
  • Founders Pass
  • Uncharted Waters Campaign
    • Special Event: Cooking Contest
    • Special Event: Buddy Bonus
  • Game
    • Fishing
    • Rods
    • Cooking
    • Leaderboards
    • Pets
    • Quests
    • Referrals
    • Game Economy
  • Roadmap
  • Beginner Guides
    • Resources & Items
    • How to use refer a friend!
    • Export Wallet to Ronin
    • Bridge Funds to Ronin
    • Deposit Ronin Into The Game
    • Trading game NFTs
  • Official Links
  • Changelog
  • Bug Bounty
  • About Us
  • Terms of Service
Powered by GitBook
On this page
  • Policy
  • Rewards
  • Reporting
  • Eligibility
  • Assets in Scope

Bug Bounty

We recognise the importance and value of security researchers' efforts to keep our community safe. We encourage responsible disclosure of security vulnerabilities via our bug bounty program.

Policy

  • Do not share reports to any blog or social network if not approved by Fishing Frenzy

  • While researching, refrain from:

    • Doing automated testing, denial of service

    • Spamming, spoofing, phishing

    • Social engineering of staff or contractors

    • Any physical attempts

    • Performing further attacks once you have proof of an attack

    • Bulk downloading / extracting exposed data beyond the need for proof of concept

Rewards

We are eager to work with security researchers to ensure all findings are fairly rewarded. We may award additional rewards for exceptional reports. All reward amounts are at our full discretion.

Severity
Definition
Typical Amount

Critical (P1)

Direct, high-impact vulnerabilities that allow attackers to cause large-scale financial loss to the company or players, extract or duplicate assets, manipulate game economy, or completely break core gameplay systems.

Examples:

  • Minting unlimited NFTs without paying

  • Unauthorized transfer of smart contract funds

$1000 - $10000+**

High (P2)

Significant vulnerabilities that impact game economy, player trust, or company revenue, but require specific conditions to execute, or cause losses at smaller scale compared to P1.

  • Manipulating leaderboard rewards

  • Buying or obtaining premium items for free

  • Duplication of assets requiring moderate effort

$200 - $1000

Medium (P3)

Vulnerabilities that cause minor or limited financial impact, or affect fairness and trust but do not lead to direct major monetary loss.

Examples

  • Claiming duplicate rewards

  • Minor inconsistencies in reward calculations

  • Bugs allowing for faster than intended level-up

$50 - $200

Low (P4)

Very low-impact issues that are primarily cosmetic, informational, or theoretical

Examples

  • Typographical errors

  • Visual errors

$0

** Bounty will vary widely based on severity and impact

Reporting

If you have identified a security vulnerability please do the following:

    • Your contact details (name, email)

    • Full proof of concept (step by step to reproduce) and impact

    • Any files uploaded to Google Drive that can help reproduce the flaw (screenshots, images, source code, scripts)

Eligibility

  • Vulnerabilities have a working proof of concept that shows how it can be exploited

  • First user to bring the issue to our attention, before we are aware of it

  • Do not abuse the issue

  • Certain types of issues will be ineligible and out of scope, such as:

    • Internally known issues, duplicate issues, or issues which have already been made public

    • Theoretical vulnerabilities without proof of concept

    • Incorrect data supplied by third party oracles

    • Sybil attacks or fake user generation

Assets in Scope

Smart contracts:

0x9c76fc5Bd894E7F51c422F072675c876d5998A9e

0x6d5104435be31A51a8261056c347824481632FaB

0x77CE5148b7ad284e431175Ad7258B54A64816da6

0x87a699a08D57142d46c909B7f2df49D44D87211F

0x4079da822E8972982b8569e38cdF719A21069934

0xc4537D98b3d4A2A8EC79aaEFb19b4ceB72953Fcd

0xC69f7434D4B336E68AcBbde4101B7990E7d6B3b3

0xDDA950223EAD838C21838109a2f550C964A23C5b

Web/App:

  • https://fishingfrenzy.co

PreviousChangelogNextAbout Us

Last updated 3 days ago

Email and include the following information:

Open up a support ticket in to alert our mods if it is time sensitive

Vulnerabilities with third party software such as Privy wallet (see their ) or marketplaces such as Ronin Marketplace

[email protected]
Discord
bug bounty program