SaucerSwap Opens $50,000 Bug Bounty for V3 Orderbook Testnet on Hedera

SaucerSwap Labs has opened a dedicated bug bounty program for the testnet release of SaucerSwap V3, the upcoming version of the SaucerSwap decentralized exchange on the Hedera network. The week-long program offers rewards of up to $50,000 paid in SAUCE for critical vulnerabilities and closes on June 1 at 17:00 UTC. The bounty marks the final public testing window before V3 reaches mainnet. SaucerSwap V3 introduces an orderbook system alongside the automated market maker model used in earlier versions, allowing traders to place limit orders at chosen prices in addition to swapping against liquidity pools. The change represents one of the most significant architectural shifts in the protocol since its launch. The testing surface is hosted at orderbook.saucerswap.finance/trade. Researchers are asked to focus on the V3 trade page, the V3 order history view on the dashboard, V3 trade verification and any other testnet surfaces directly related to the upcoming launch. Reports should address vulnerabilities that could affect user funds, order placement, order execution, order history, trade verification, market integrity, accounting or other user-facing V3 behavior, according to the program documentation. Rewards are assessed using the OWASP risk rating methodology and paid in SAUCE, the protocol's native token. The reward bands are: critical findings, up to $50,000; high findings, up to $10,000; medium findings, up to $1,000; low findings, up to $100; and informational findings, up to $25. Final payouts depend on severity, exploitability, report quality, uniqueness, reproducibility and the actual risk to user funds or protocol integrity. Critical-tier findings, as defined by the program, include loss of funds, unauthorized order execution, permanent loss of access to funds, severe market integrity failure or other systemic impact. High-tier findings cover issues that materially affect individual users, order correctness, settlement assumptions, balances or critical V3 user flows. The V3 testnet bug bounty is run separately from the general SaucerSwap Bug Bounty Program and is scoped exclusively to V3 surfaces. SaucerSwap mainnet contracts, V1 and V2 contracts, non-V3 sections of the interface, third-party applications and previously identified issues are out of scope, along with denial-of-service attacks, phishing and social engineering. Reports are submitted through a dedicated form linked in the SaucerSwap developer documentation and must include reproduction steps, affected components and supporting evidence such as screenshots, logs or transaction IDs. Loom videos are the preferred format for proof-of-concept demonstrations. SaucerSwap Labs may extend the program depending on the volume and quality of valid reports. The dedicated bounty, with severity bands distinct from the standard program, signals the protocol team's intent to subject the V3 release to focused external scrutiny before deploying to mainnet, where real user funds will be exposed.

SaucerSwap post