Join Public Testnet

Two Phase of Public Testnet

Phase 1

  • Validator Testing: deploy the node of StaFiHub Chain and become a validator to test the transfer and staking functions etc.

  • Basic rToken function: stake tokens, mint rTokens, unbond tokens, the exchange rate update, transfer assets with IBC etc.

  • Staking Drop: the fixed number of FIS could be distributed when the original token is staked for the first time.

  • Fee station: supports the swapping of FIS in proportion with the original token

  • StaFiHub App UI/UX and operation testing.

  • Code review

Phase 2

  • rPool App: the incentive programs for rToken minting;

  • rDEX: support to trade rToken/Token trading pairs, add or unstake liquidity, and liquidity farming modules;

  • Code review

Phase 2 will be released around 3 weeks after the release of StaFiHub public testnet Phase 1. After the public testnet, we will release an incentivized testnet of StaFiHub for our community to participate soon. Please stay tuned for the details.

Bug Bounty

Function Testing

1.Testing Guide



2.Testing Task

Seen in “About StaFiHub Public Testnet” part.

Welcoming community members with development expertise to join in the 2 different phases of StaFiHub testnet. You can submit any functional and code bugs that have not been found yet and provide suggestions related to StaFiHub after completing the testing and code review of StaFiHub testnet. Please explain the bugs and suggestions in detail, and send an email to with the corresponding screenshots while submitting.

The StaFi team will evaluate and confirm the functional bugs. On successfully reporting bugs/issues, users will be awarded rewards worth 10 USDT to 1000 USDT.

Code Vulnerability Testing

1.Test Contents

StaFi Chain:

rToken Relay:

rToken App:


Critical: Abnormal function, ineffective function, or security breach, etc.

Moderate: Defects that do not affect the function, non-security issues, including room for optimization, performance improvement, etc.

Low: Unimportant issues, some minor issues that can be modified during updates, such as modifying text or notes.

Outside the scope of the bounty program:

  • Repeated reports on security issues, including security issues that have been confirmed by the StaFi team.

  • Theoretical security issues without pragmatic application scenarios, or issues that require complex user-interactions.


  • It must be a newly discovered bug(s) that has/have not been reported before.

  • The bug(s) found must be related to security issues in StaFi GitHub page code, but not other third-party code.

  • Users who report bugs must not have written any codes of StaFi around the bug(s), and have not participated in any process that generated the bug(s) of StaFi in other ways.

  • Public disclosure will make you lose your bounty.

  • The StaFi team reserves the right to make the final decision on eligibility for the event and all rewards.

4.Bounty Rules

The bounty will be issued in the form of FIS, and the amount will depend on the severity of the bugs found.

In addition to severity, the bounty amount will be determined (but not limited to) by other factors including:

  • The accuracy and details of the bug description.

  • The quality of reproducibility, such as test code, scripts, and detailed instructions.

5.Submission Method

When you find a bug(s), please send a report to:

Please include your name, email, company name (optional), description of the bug(s), your opinion on what is the potential impact of that bug on StaFiHub, and how you discovered that bug.

6. FAQ

1) What should I do if I submit a bug but do not hear a reply?

Before publicly publishing the bug(s) you found, we need some time to review and confirm them, and will reply to you as soon as possible. If you haven’t received a reply within two weeks of submission, you can send an email to us

2) In what form is the bounty issued?

The bounty is issued in the form of $FIS.

If you have more questions, please send an email to us:

Last updated