EventTrader

Prediction Market Platform
Menu
Quick Access
Perpetuals AI Bots Leaderboards API
Navigation
Home Markets Rewards
More Leaderboards
Feature Voting Markets Bug Bounty VAIX Voting
Guides
Clone a Bot Trading Guide Beginner's Guide Profit Guide Launch Guide Bug Bounty Guide
Resources
Data About
Account
Log In Sign Up
Connect
Discord Telegram X (Twitter) Contact

Bug Bounty Program Guide

Your complete roadmap to finding bugs, winning rewards, and getting paid in CYM tokens

๐Ÿš€
Step 1

Enter the Bug Bounty Program

Getting started is easy - no registration required! You can submit bug reports immediately with just your wallet address.

What You Need

  • Web3 Wallet - MetaMask, Rainbow, or any EVM-compatible wallet on Base network
  • Base Network ETH - Small amount for gas when claiming tokens (optional until claim)
  • Sharp Eyes - Notice things that don't work right or could be better

Optional: Register as a Hunter

While not required, registering gives you access to:

  • Leaderboard ranking and visibility
  • Hunter tier progression (Rookie โ†’ Elite)
  • Badge collection
  • Bonus multipliers based on tier
Ready to start? Go to cymetica.com/bounty and scroll to the submission form.
๐Ÿ”
Step 2

Find Bugs

We reward bugs of all types - from critical platform issues to UI polish. Here's what's in scope:

In-Scope Areas

Area Bug Types Priority
Smart Contracts Logic errors, fund issues, exploits Critical
Trading Functionality Trades failing, wrong prices, broken features High
API & Backend Wrong data, errors, slow performance High
User Interface Broken layouts, confusing flows, mobile issues Medium
Documentation Incorrect docs, missing info, typos Low

High-Value Bugs

Bug Type Max Reward
Smart contract fund issues 1,000,000 CYM
Critical platform outage 1,000,000 CYM
Trading functionality broken 500,000 CYM
Data corruption or loss 500,000 CYM
Major feature unusable 200,000 CYM
UX issues affecting conversions 100,000 CYM

How to Find Bugs

  • Use the platform - Trade, explore markets, try all features
  • Test edge cases - What happens with unusual inputs?
  • Check mobile - Does everything work on phones/tablets?
  • Read the docs - Is documentation accurate?
  • Compare behavior - Does it work as expected?
Out of Scope: Third-party services, subjective design preferences, feature requests, known issues, staging environments.
๐Ÿ“
Step 3

Submit Your Report

A well-documented report increases your chances of validation and maximizes your reward.

Required Information

  1. Title - Clear, descriptive name (e.g., "Authentication Bypass via JWT Algorithm Confusion")
  2. Severity - Your assessment: Critical, High, Medium, or Low
  3. Description - What is the vulnerability? Technical details.
  4. Steps to Reproduce - Exact steps to trigger the bug
  5. Impact - What can an attacker achieve?
  6. Proof of Concept - Code, screenshots, or video
  7. Your Wallet Address - Base network address for reward

Example Report Format

## Title Trade button doesn't work on mobile when market is volatile ## Severity High ## Description On mobile devices (iOS Safari, Chrome Android), the "Place Trade" button becomes unresponsive when price updates rapidly during volatile market conditions. ## Steps to Reproduce 1. Open cymetica.com on mobile browser 2. Navigate to a volatile WTA market 3. Enter a trade amount 4. Try to tap "Place Trade" while prices are updating 5. Button doesn't respond, trade is not placed ## Impact Users cannot execute trades at critical moments, potentially missing profitable opportunities or unable to exit positions. ## Proof of Concept [Screenshot or video showing the issue] ## Wallet Address 0x1234...abcd (Base network)

Bonus Multipliers

  • First Blood (2.0x) - First bug found in a category
  • Speed Bonus (1.25x) - Reported within 48 hours of discovery
  • Fix Contribution (1.3x) - Include a working patch
  • Documentation (1.2x) - Exceptionally detailed report
  • Video PoC (1.25x) - Include demonstration video
Submit Now: cymetica.com/bounty#submit
๐Ÿ”ฌ
Step 4

Validation Process

After submission, your report goes through our validation pipeline:

Acknowledgment

We confirm receipt of your report

Within 24-48 hours

Initial Triage

Security team reviews and assigns initial severity

3-5 business days

Reproduction

We attempt to reproduce the vulnerability

5-10 business days

Severity Confirmation

Final severity and reward amount determined

After reproduction

Fix Development

Engineering team patches the vulnerability

Varies by complexity

Reward Allocation

CYM tokens allocated to your wallet + NFT minted

Upon fix deployment

Report Statuses

Status Meaning
PendingSubmitted, awaiting review
TriagingUnder initial assessment
ValidatedBug confirmed, working on fix
FixedVulnerability patched
PaidReward allocated!
DuplicateAlready reported by another hunter
InvalidNot a valid vulnerability
Track Your Report: Check status at cymetica.com/bounty by connecting your wallet.
๐Ÿ†
Step 5

Win Your Reward

Once your bug is validated and fixed, you've won! Here's what happens:

Reward Allocation

  1. CYM Tokens Allocated - Tokens are assigned to your wallet address on-chain
  2. Vesting NFT Minted - A soulbound NFT representing your allocation is minted
  3. Leaderboard Updated - Your score and rank are updated
  4. Badge Awarded - Special badges for achievements (First Blood, etc.)

Reward Tiers

Severity CYM Tokens USD Value*
Critical 400,000 - 1,000,000 $40,000 - $100,000
High 100,000 - 400,000 $10,000 - $40,000
Medium 25,000 - 100,000 $2,500 - $10,000
Low 5,000 - 25,000 $500 - $2,500

*Estimated at $0.10 TGE price. Actual value depends on market conditions.

Vesting Schedule

  • 25% at TGE - Immediately claimable when tokens launch
  • 75% Vested - Released linearly over 6 months (12.5% per month)
Why Vesting? This aligns your incentives with the platform's long-term success. As CYM appreciates, your rewards become more valuable!
๐Ÿ’ฐ
Step 6

Claim Your CYM Tokens

When TGE (Token Generation Event) occurs, you can claim your vested tokens:

How to Claim

  1. Go to cymetica.com/bounty
  2. Connect your wallet (same address used in report)
  3. Verify wallet ownership by signing a message
  4. View your allocations and claimable amount
  5. Click "Claim Tokens" button
  6. Confirm transaction in your wallet
  7. CYM tokens are transferred to your wallet!

Wallet Verification (Required)

Before claiming, you must prove wallet ownership via EIP-191 signature:

  1. Click "Verify Wallet" on the bounty page
  2. Sign the verification message in MetaMask
  3. Your wallet is now verified for claims

Claiming Timeline

TGE Day

Claim 25% of your total allocation

Month 1

Claim additional 12.5%

Month 2-5

12.5% unlocks each month

Month 6

Final 12.5% - fully vested!

Important: You need a small amount of ETH on Base network for gas fees when claiming. Typical gas cost is less than $1.
๐Ÿ“œ
Step 7

Get Your Proof

Every reward is fully verifiable on-chain. Here's how to prove your achievement:

Proof Types

๐Ÿ–ผ๏ธ Vesting NFT (Soulbound)

A non-transferable NFT is minted to your wallet containing:

  • Your allocation amount
  • Bug severity
  • Report ID
  • Vesting progress
  • Achievement badges

Contract: 0x7D1925D9Ef50700283a7FF04f9D7AE686fa69da7

View on Basescan โ†’

๐Ÿ“‹ Allocation Record

Your token allocation is recorded in the vesting contract:

Contract: 0xb693e3DffDe0a05C1dD509f7a5fff2358b1DC669

View on Basescan โ†’

๐Ÿงพ Transaction Hash

Every allocation and claim has a transaction hash you can verify:

  • Allocation TX: When tokens are allocated to you
  • NFT Mint TX: When your vesting NFT is minted
  • Claim TX: When you claim vested tokens

๐Ÿ… Hall of Fame

Top hunters are featured on our public leaderboard:

cymetica.com/bounty#hall-of-fame โ†’

Verify On-Chain

# Check your allocation (using cast or web3) cast call 0xb693e3DffDe0a05C1dD509f7a5fff2358b1DC669 \ "getAllocation(address)(uint256,uint256,uint256,bool)" \ YOUR_WALLET_ADDRESS \ --rpc-url https://mainnet.base.org # Check your NFT cast call 0x7D1925D9Ef50700283a7FF04f9D7AE686fa69da7 \ "getTokensOfOwner(address)(uint256[])" \ YOUR_WALLET_ADDRESS \ --rpc-url https://mainnet.base.org

Share Your Achievement

Share your success with the community:

  • Screenshot your vesting NFT from OpenSea/Basescan
  • Link to your Hall of Fame profile
  • Share the Basescan transaction link
  • Add to your security researcher portfolio
View NFT: Check your NFT on OpenSea or Basescan

Ready to Start Hunting?

Join the EventTrader community and earn up to 1,000,000 CYM tokens for finding bugs of all types.

Submit a Bug Report View Full Program
๐Ÿ“š
Quick Reference

Important Links & Contacts

Bug Bounty Program cymetica.com/bounty
API Documentation cymetica.com/api/docs
Security Contact security@cymetica.com
Telegram t.me/vsbcorp
Vesting Contract 0xb693...1DC669
NFT Contract 0x7D19...9da7
CYM Token 0x1339...31da