Bug Bounty Program
Amara recognizes that even with audits and careful engineering, no protocol is ever completely free from risk. For this reason, a bug bounty program is included in the roadmap to provide an additional layer of protection.
Purpose
The bounty program is designed to incentivize independent security researchers and white-hat hackers to find vulnerabilities before they can be exploited. By rewarding responsible disclosure, Amara strengthens its defense while building trust with the community.
Scope
The program will cover all production contracts, including:
Perpetual trading modules such as Vault, Router, and Position Manager
Spot swap contracts including Factory, Router, and Pair
Oracle infrastructure, including the DioneOracle and consumer contracts
Treasury, staking, and reward distribution contracts once deployed
Frontend applications, APIs, and subgraphs will also fall under scope, as attacks often target off-chain systems that feed into the protocol.
Rewards
Bug reports will be classified by severity:
Critical: Vulnerabilities that could drain liquidity pools, manipulate oracle pricing, or disable core functionality.
High: Issues that could result in incorrect settlements, partial fund loss, or denial of service.
Medium and Low: Minor exploits or inefficiencies that affect user experience or protocol integrity.
Rewards will scale with severity, paid in $AMARA or stablecoins. Critical findings will command the highest payouts to attract top-tier researchers.
Roadmap
The bounty program will be launched after mainnet stabilization, once initial trading and liquidity flows are active. This ensures that the program starts with real stakes, incentivizing meaningful security research. It will be hosted on a recognized platform to guarantee transparency, clear disclosure processes, and reliable payouts.
Long-Term Goal
The bounty program is more than a security measure. It is a commitment to openness and collaboration. By inviting the global security community to scrutinize Amara, the protocol positions itself as a transparent, resilient, and trustworthy piece of DeFi infrastructure.
