Security & Bug Bounties

Immunefi Program and Links to Audits

Last updated 2 years ago

Immunefi Bug Bounty Program

We have a bug bounty program with a maximum bounty of $100,000.

The program is focused on the protocol's smart contracts, in particular on preventing:

  • Superfluid framework bugs

  • Bugs in CFA/IDA in general

    • Anything that would prevent streams from being closed

    • Anything that would result in the sum of all account balances drifting significantly from the total supply

  • Theft of tokens in third party wrapper contracts

  • Other unexpected behavior in any super token contracts

Learn more on the Superfluid Bug Bounties page on Immunefi.

Audit Resources

Superfluid has been audited on multiple occasions. You can find the past audit reports in the protocol-monorepo repository on GitHub, under packages/ethereum-contracts/audits on the dev branch.

General Security Tips For Superfluid Developers

  • We recommend what every good security expert would recommend: full test coverage, separation of concerns, and using automated tools like Github Actions or Trail of Bits' tools for fuzzing & static analysis.

  • Guides like this one from Consensys can be helpful in understanding what to think about before deploying smart contracts to mainnet.

  • If you're looking for inspiration on setting up your own Github Actions pipelines, you can find a breakdown of Superfluid's own Github Actions setup here.

  • Beyond this, we recommend that you continue to think about security & potential for loss of funds in the front end and off-chain components of your project (if you have them).

    • For example, we highly recommend you adopt some of the same UX practices that we do in the Superfluid dashboard if you have a front end that allows people to create Superfluid streams. I.e. we let the user know that letting their balance hit zero before they close their stream will lead to a liquidation.

Security Tips for Building Super Apps

  • Be careful that your application does not get jailed unexpectedly.

    • We have detailed information regarding the jail system and how to avoid a jailed Super App here, but one of the most common reasons for a jailed super app is an unexpected revert in either the beforeAgreementTerminated or afterAgreementTerminated callbacks.

Custom Super Tokens

  • In general, we advise sticking to the existing Super Token interfaces seen here unless you have a good reason not to.

  • If you want to deviate from this, we strongly encourage you to reach out to the Superfluid developer team in the #dev-support channel in our Discord.
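To make the Super App jailing tip above concrete, here is an added example (not Superfluid's own code, and not from this page) of a Super App whose termination callback is written so that it cannot revert. It assumes the import paths and interfaces of the @superfluid-finance/ethereum-contracts package (ISuperfluid, ISuperToken, SuperAppDefinitions, SuperAppBase), that the agreementData passed for a CFA flow decodes to (sender, receiver), and that the app registers with the host's registerApp call; the onStreamClosed hook, its bookkeeping and the TerminationHookFailed event are hypothetical application logic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not Superfluid's own code. Import paths assume the
// @superfluid-finance/ethereum-contracts package layout.
import {
    ISuperfluid,
    ISuperToken,
    SuperAppDefinitions
} from "@superfluid-finance/ethereum-contracts/contracts/interfaces/superfluid/ISuperfluid.sol";
import {SuperAppBase} from "@superfluid-finance/ethereum-contracts/contracts/apps/SuperAppBase.sol";

// A Super App that only reacts to stream termination and is written so that
// afterAgreementTerminated never reverts, which is what keeps it out of jail.
contract NonRevertingTerminationApp is SuperAppBase {
    ISuperfluid private immutable _host;
    ISuperToken private immutable _acceptedToken;

    // Hypothetical bookkeeping: which senders currently stream into this app.
    mapping(address => bool) public activeSenders;

    // Emitted instead of reverting when the application hook fails.
    event TerminationHookFailed(address indexed sender, bytes reason);

    constructor(ISuperfluid host, ISuperToken acceptedToken) {
        _host = host;
        _acceptedToken = acceptedToken;
        // Only afterAgreementTerminated is implemented; every other callback,
        // including beforeAgreementTerminated, is declared a NOOP so the host
        // never calls into code that could revert.
        uint256 configWord = SuperAppDefinitions.APP_LEVEL_FINAL
            | SuperAppDefinitions.BEFORE_AGREEMENT_CREATED_NOOP
            | SuperAppDefinitions.AFTER_AGREEMENT_CREATED_NOOP
            | SuperAppDefinitions.BEFORE_AGREEMENT_UPDATED_NOOP
            | SuperAppDefinitions.AFTER_AGREEMENT_UPDATED_NOOP
            | SuperAppDefinitions.BEFORE_AGREEMENT_TERMINATED_NOOP;
        _host.registerApp(configWord); // assumed registration call
    }

    // Hypothetical application logic that may fail for reasons unrelated to
    // the stream (e.g. a downstream contract reverting). It is external so the
    // callback can wrap it in try/catch; only this contract may call it.
    function onStreamClosed(address sender) external {
        require(msg.sender == address(this), "internal only");
        activeSenders[sender] = false;
        // ... release collateral, notify another contract, etc.
    }

    function afterAgreementTerminated(
        ISuperToken superToken,
        address /*agreementClass*/,
        bytes32 /*agreementId*/,
        bytes calldata agreementData,
        bytes calldata /*cbdata*/,
        bytes calldata ctx
    ) external override returns (bytes memory newCtx) {
        // Never revert in this callback. An unexpected caller or token is
        // handled by returning ctx unchanged instead of a require().
        if (msg.sender != address(_host) || address(superToken) != address(_acceptedToken)) {
            return ctx;
        }
        // Assumed CFA encoding: agreementData = abi.encode(sender, receiver).
        (address sender, ) = abi.decode(agreementData, (address, address));
        // A failing hook is recorded in an event rather than bubbling up,
        // so the stream can still be closed and the app is not jailed.
        try this.onStreamClosed(sender) {
            // hook succeeded
        } catch (bytes memory reason) {
            emit TerminationHookFailed(sender, reason);
        }
        return ctx;
    }
}
```

Solidity's try/catch only works on external calls, which is why the hook is called through `this`; the `msg.sender == address(this)` guard keeps outsiders from invoking it directly. Declaring beforeAgreementTerminated as a NOOP removes the other callback that the tip names as a common jail cause. Keep the hook's gas use small as well, since the host runs termination callbacks under a gas limit and running out of gas is treated like a revert.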