Skip to main content

Simple Arrangement for Funding Upload (SAFU)

  1. What is the purpose of the Simple Arrangement for Funding Upload (the "SAFU")?
  • The SAFU outlines the post-exploit policy for active vulnerabilities in the Humans.ai blockchain, providing a process for white hat hackers to return funds and claim rewards for vulnerabilities found in the network.
  1. What is the Grace Period, and what is its purpose?
  • The Grace Period is a specified time frame during which white hat hackers can return any exploited funds to a designated dropbox address and claim a reward. Its purpose is to allow hackers to rectify their actions without facing legal consequences.
  1. What is the Bounty Percent and Bounty Cap?
  • The Bounty Percent is a percentage of the total funds secured up to a specified maximum amount (Bounty Cap) that white hat hackers can claim as a reward for reporting vulnerabilities.
  1. How are rewards distributed?
  • Rewards are distributed during the next upgrade of the network.
  1. What is the purpose of the Know Your Clients/Know Your Business (KYC/KYB) process?
  • The KYC/KYB process is required for white hat hackers who receive rewards above a specified threshold amount. Its purpose is to verify the hacker's identity and ensure they are not engaged in malicious activities.
  1. Can white hat hackers claim rewards for exploiting vulnerabilities in projects not covered by the SAFU?
  • No, white hat hackers are not entitled to any rewards from the team or network for funds from "Out of Scope Projects" (other projects that were exploited by hackers but do not have their own SAFU program).

Visit the SAFU agreement for more details.

Dropbox Address

The Dropbox Address is where money taken from the protocol should be sent after being deposited. If there is a bounty distribution, this address's account balance will be used to pay out the bounty for white hat hackers.

tip

The Humans.ai protocol, not the team or any individual, is in charge of controlling the dropbox address.

The dropbox address listed below is accessible via the Humans.ai blockchain:

Dropbox Address in Bech32 Format:

human1nfwqneuvv0d35gfpe7w2xjdn09wshv4c5vns60

Dropbox Address in Hex Format:

0x9A5C09E78c63Db1A2121cF9cA349B3795D0bb2B8

How To Secure Vulnerable Funds

White hats should secure the funds by sending them to the dropbox location within the hack's Grace Period.

How To Claim The Reward

The next chain upgrade will involve the manual reward distribution. White hat hackers should go through a Know Your Clients/Know Your Business (KYC/KYB) process if the reward's value exceeds a specific threshold.

Security recommendations for dApps

As already mentioned, the protocol's SAFU does not include prizes for cash that have been secured from compromised dApps that do not belong to Humans.ai. We recommend every dApp on Humans.ai to have its own SAFU implementation in such a scenario. We suggest using Jump Crypto's SAFU.sol contract implementation as a guide.