As a Stonfier with a passion for TON DeFi and a knack for coding, I’ve been swapping and farming on STON.fi for over a year, drawn by its $5B+ trading volume and seamless features like Omniston.

When STON.fi launched their Bug Bounty Program with a $500,000 prize pool for STON.fi v2 smart contracts, I saw a chance to contribute to a platform I trust while potentially earning up to $100,000 for finding critical vulnerabilities.

In this detailed journey, I’ll walk you through my experience joining the program, share the exact steps to participate, and explain how this initiative strengthens STON.fi’s position as a secure DeFi leader on TON with $115M+ in TVL.

This is my personal story as a community member, not an official STON.fi statement, and I hope it inspires you to join the effort to make STON.fi the most trusted platform in TON DeFi.

I’ve always been impressed by STON.fi’s growth: 12,500+ daily active users and a $5.8B swap volume make it a cornerstone of TON DeFi.

But as a coder, I know even the best platforms need rigorous security checks to protect user funds, especially with $115M+ in TVL at stake. When STON.fi announced their Bug Bounty Program with a $500,000 prize pool, I knew I had to join. Could I help secure STON.fi’s v2 smart contracts and earn a reward while doing it?

Diving into the Program Details

STON.fi partnered with top-tier security platforms HackenProof and Certik to run the Bug Bounty Program, focusing on their v2 smart contracts. I visited the official pages on HackenProof and Certik to understand the scope [https://hackenproof.com/programs/ston-dot-fi-dex-smart-contracts-v2, https://skynet.certik.com/projects/ston-fi]. The reward structure was compelling: up to $100,000 for critical vulnerabilities, $20,000 for high-severity issues, and $5,000 for medium-severity concerns, motivation to dive deep into the code.

Setting Up on the Testnet

The program requires all testing on the testnet to avoid disrupting live operations, a smart move given STON.fi’s $5B+ trading volume. I set up a TON testnet wallet using Tonkeeper, following STON.fi’s guidelines, and funded it with testnet tokens via their faucet [https://testnet.tonscan.org/address/kQAFpeGFJQA9KqiCxXZ8J4l__vSYAxFSirSOvPHn6SSX4ztn]. It took me about 30 minutes to configure my environment, ensuring I was ready to test without risking real funds.

Exploring the Open-Sourced Smart Contracts

STON.fi open-sourced their v2 smart contracts, which I accessed via their GitHub repository [https://github.com/ston-fi/dex-core-v2]. I focused on high-impact areas like token swaps and liquidity provision, knowing these contracts handle STON.fi’s $115M+ TVL. The code was well-documented, making it easier to understand the logic behind swaps I’d performed on the mainnet.

Auditing for Vulnerabilities

I spent a weekend auditing the contracts, looking for vulnerabilities like reentrancy, overflow, or gas optimization issues. I simulated transactions on the testnet, mimicking real-world swaps I’d done on STON.fi’s mainnet, which has processed $5B+ in volume. It felt like being a detective, searching for hidden flaws that could impact STON.fi’s 4.7M wallets.

Finding and Submitting a Medium-Severity Bug

After days of testing, I identified a medium-severity issue in the liquidity provision contract: a potential gas overcharge in an edge case involving large withdrawals. I submitted my findings via HackenProof, following their detailed guidelines, and included a proof-of-concept exploit on the testnet. If accepted, I could earn up to $5,000, but more importantly, I’d help protect STON.fi’s $115M+ TVL.

Why STON.fi’s Security Matters

STON.fi’s proactive approach, partnering with HackenProof and Certik, shows their dedication to user safety. With $115M+ in TVL and 12,500+ daily active users, protecting funds is critical. Open-sourcing their contracts and inviting community audits builds trust, making STON.fi a leader in TON DeFi.

Community Involvement and Growth

The Bug Bounty Program isn’t just about rewards; it’s about community collaboration. STON.fi’s 1,500+ Stonbassadors and $5.8B swap volume reflect a thriving ecosystem [https://testnet.tonscan.org/address/kQAFpeGFJQA9KqiCxXZ8J4l__vSYAxFSirSOvPHn6SSX4ztn]. By participating, I felt part of a movement to secure a platform that’s supported 4.7M wallets since 2022.

Benefits of Joining the Program:

  1. Earn Rewards: Up to $100,000 for critical bugs, a significant incentive.

  2. Enhance Security: My efforts help protect STON.fi’s $115M+ TVL and 12,500+ users.

  3. Community Impact: I’m contributing to a trusted TON DeFi platform.

Challenges to Consider:

  1. Testnet Setup: Testing is limited to the testnet, requiring initial setup time.

  2. Technical Expertise: You’ll need coding skills to audit smart contracts effectively.

  3. Competition: The $500,000 pool attracts many participants, making it competitive.

Let’s Wrap Up

Joining STON.fi’s Bug Bounty Program has been a rewarding journey, allowing me to contribute to a platform I trust while aiming for rewards up to $100,000. With $115M+ in TVL, 12,500+ daily users, and a $5.8B swap volume, STON.fi’s focus on security through this program ensures a safer DeFi experience for all Stonfiers. I hope this journey inspires you to participate and help make STON.fi the most secure platform on TON. Your expertise can make a difference!

Ready to help secure STON.fi? Dive into the Bug Bounty Program and share this guide if you found it helpful! http://STON.fi