Reserve Contract Bug Bounty

Published: Jan 28, 2026

Bug Bounty

The Flipcash Currency Creator

Flipcash is a new platform for creating digital currencies. There are many things that make Flipcash unique, but one of the key differences is that every currency has guaranteed USD liquidity from day one. This guaranteed liquidity is managed by the Reserve Contract.

The Reserve Contract

Every Flipcash currency is governed by the Reserve Contract, an on-chain contract that autonomously manages each currency’s supply and liquidity.

When a new currency is created, 21 million coins are minted and deposited into the Reserve Contract. Each currency has a fixed supply of 21 million coins, so there will never be more. 

The Reserve Contract then sells coins to users on a predefined pricing curve, accepting payment in USDF, a fully backed 1:1 USD stablecoin managed in partnership with Coinbase. The Reserve Contract sells the first coin for $0.01 of USDF. It then raises the price slightly and sells the next coin. The predefined pricing curve is gradual but exponential, with the price increasing by approximately one penny per coin for every $11,400 of coins purchased, until the final 21 millionth coin sells for $1 million.

The Reserve Contract self-custodies the USDF it receives. It also uses that USDF to buy coins back from users on the same pricing curve. In doing so, the Reserve Contract acts as a guaranteed buyer, ensuring continuous liquidity without relying on market makers, order books, or liquidity providers, all in a fully autonomous manner.

When users sell their coins to the Reserve Contract, the Reserve Contract sets aside 1% of the resulting USDF as a sell fee, paying the remaining 99% to the user. This prevents looping exploits.

As sell fees accumulate in the Reserve Contract, they can be burned at any time without requiring any authority, which ensures that these fees can always be burned. These burns are credited to Flipcash as a redemption, which becomes revenue for the protocol.

Over time, the Reserve Contract could self-custody billions of dollars of capital. Because the Reserve Contract is autonomous and will ultimately be immutable, any vulnerability could have severe consequences for the integrity of the Reserves. We have worked hard to ensure the security of the contract, but we want to do everything we can. This is where we could use your help.

The Challenge: Break Our Test Currency

We challenge you to break our test currency, called Test. Test is live on chain in our Reserve Contract and can be found here. If you can successfully break Test then we will pay you $250,000 USD, subject to the eligibility requirements below.

We define “breaking Test” as one of the following:

  1. Drain USDF from the Reserve Contract, such that holders of Test can no longer sell their Test to the Reserve Contract and get back at least the expected amount of USDF (allowing for a rounding tolerance of $0.01 USDF)

  2. Drain the non-circulating supply of Test from the Reserve Contract, such that users can no longer buy more Test from the Reserve Contract for a cost of no more than the expected amount of USDF (allowing for a rounding tolerance of $0.01 USDF)

  3. Permanently stall the Reserve Contract, such that there is no way for holders of Test to either sell their Test or buy more Test
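
The "expected amount of USDF" in these definitions follows from the pricing curve and the 1% sell fee described under The Reserve Contract. The Python model below is an added example, not Flipcash's contract code: it assumes a continuous exponential curve fitted to the two endpoint prices the post states, and every function name and the net-of-fees balance input are hypothetical.

```python
import math

# Assumed model: a continuous exponential curve fitted to the endpoint prices
# stated in the post. The on-chain contract's exact arithmetic may differ.
MAX_SUPPLY = 21_000_000   # coins per currency
P_FIRST = 0.01            # USDF price of the first coin
P_LAST = 1_000_000.0      # USDF price of the 21 millionth coin
SELL_FEE = 0.01           # 1% of sell proceeds set aside
TOLERANCE = 0.01          # USDF rounding tolerance from the bounty terms
B = math.log(P_LAST / P_FIRST) / MAX_SUPPLY  # growth rate per coin

def spot_price(sold):
    """Price of the next coin when `sold` coins are in circulation."""
    return P_FIRST * math.exp(B * sold)

def reserve_for(sold):
    """USDF paid in to reach `sold` coins (integral of spot_price from 0)."""
    return P_FIRST / B * math.expm1(B * sold)

def buy_cost(sold, n):
    """Expected USDF cost of buying n coins starting from `sold`."""
    return reserve_for(sold + n) - reserve_for(sold)

def sell_proceeds(sold, n):
    """Expected USDF paid to a seller of n coins after the sell fee."""
    return (1 - SELL_FEE) * (reserve_for(sold) - reserve_for(sold - n))

def usd_per_penny():
    """USDF of purchases that lifts the price by $0.01 (constant: dP/dC = B)."""
    return 0.01 / B

def round_trip_loss(sold, n):
    """USDF lost by buying n coins and selling them straight back."""
    return buy_cost(sold, n) - sell_proceeds(sold + n, n)

def check_reserve(circulating, usdf_net_of_fees, coins_held):
    """Flag balances that fall short of what the curve expects."""
    issues = []
    if usdf_net_of_fees + TOLERANCE < reserve_for(circulating):
        issues.append("USDF shortfall: sells cannot be paid at curve value")
    if coins_held < MAX_SUPPLY - circulating:
        issues.append("coin shortfall: non-circulating supply is missing")
    return issues

if __name__ == "__main__":
    print(f"spot price at 1M coins: ${spot_price(1_000_000):.4f}")
    print(f"purchases per +$0.01:   ${usd_per_penny():,.0f}")
    print(check_reserve(1_000_000, reserve_for(1_000_000) - 5, 20_000_000))
```

Under this assumed model the post's figure of roughly $11,400 of purchases per penny of price increase falls out of the two endpoint prices alone, and a buy followed by an immediate sell loses 1% of the purchase cost.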

Rules of Engagement:

  • You are free to interact with the Reserve Contract in any way you choose, with one exception: you cannot attempt to obtain or exploit the upgrade authority key

  • The payout will go only to the first person who breaks Test in one of these three ways and can prove that they were the one who broke it. Final validation and payout eligibility will be determined by Flipcash

Things That Will Help You

  • You can find the repository here

  • You can find example test cases that interact with the Reserve Contract here

  • We have completed an independent audit of the Reserve Contract with Sec3, which you can find here

Submission Eligibility

If you are able to break Test, please email us with proof at security@flipcash.com. The first valid submission based on the transaction timestamp will get the reward. 

To qualify, you must break Test before March 4, 2026 (23:59 UTC).

Referral Bonus

We are offering an additional $10,000 USD to anyone who refers a researcher who submits a valid, payout-eligible finding. (The researcher must credit you in their submission.)

Responsible Disclosure

To support responsible disclosure, we will not pursue legal action against researchers who follow this policy and act in good faith.

Note

Payment for a successful submission will be made in USDC. To remit payment, we must collect basic personal information.

As a US-based company, we cannot pay bounties to individuals residing in countries subject to U.S. trade restrictions or export sanctions, as determined by the Office of Foreign Assets Control (OFAC).


Last updated: March 2, 2026

Flipcash reserves the right to update or modify the terms of this bounty. Changes will apply prospectively and will be reflected by the “Last Updated” date above.
