In order to test the security of our asset management smart contract system, referred to as Software, and thereby to detect possible bugs in its implementation, Melonport AG will launch a Melon fund on the Ethereum mainnet for a period of approximately two weeks.

The Melon fund smart contract deployed at the address of


with source code available at the following link

referred to as Melonport Bug Bounty Fund, will be funded with 5 000 Melon tokens by Melonport AG, referred to as Bug Bounty Prize, and managed by the company.


We invite and challenge our community to try and extract the 5 000 Melon token with technical means e.g. by finding a vulnerability in the Melonport Bug Bounty Fund. In case all or a portion of the 5 000 Melon token can be extracted from the Melonport Bug Bounty Fund, the successful participant (“User”) in this bounty program may keep the 5 000 Melon token extracted from the Melonport Bug Bounty Fund.


Melonport AG is intended to be the only party that can send Melon tokens to the Melonport Bug Bounty Fund deployed for the purpose of this challenge. This Bug Bounty Program does however not relate to User funds, tokens, virtual currencies or assets sent to the Melon fund by anyone other than Melonport AG for which Melonport AG takes no liability.

Melonport AG holds no liability towards any User funds, tokens, virtual currencies, assets or User time lost which results in a User loss with respect to this challenge. No tokens owned by any Users are put intentionally at risk by Melonport AG.

In the event that User has critical information regarding the safety of the funds within the Melonport Bug Bounty Fund which is different than extracting the funds from the contract (eg. by locking up the funds, destroying the funds, or other) - user has to report the bug to (PGP key fingerprint: 55DE CA3F D841 E26B 9230 18B8 9477 CD0F 85C7 9DD6) with the subject “LIVE BUG BOUNTY - VULNERABILITY REPORT”. Vague, unclear or incomplete reports will be deemed invalid and will not result a payout of any bug bounty amounts. In case the report is deemed valid by Melonport AG and the vulnerability has not been executed, then Melonport AG may decide to reward the first person reporting this vulnerability with an amount of up to 5000 MLN, subject to producing a valid invoice.

The Melonport Bug Bounty Fund and this Bug Bounty Program are temporary and can be terminated by Melonport AG at any time for any reason whatsoever and without prior warning. In this case, the Bug Bounty Price will not be assigned to any User.

Only means of technical extraction using software directed at the Melonport Bug Bounty Fund are admitted as part of the Bug Bounty Program. Any other means of extractions (i.e. any action which compromise the private key of Melonport AG, physical violence or other non-software related means) may lead to criminal prosecution. Your testing must not violate any laws or compromise any data that is not yours.

Users are responsible for payment of all applicable taxes as per their country and jurisdictions. Individuals who are on US, Swiss, European (or other) sanctions lists or who are citizens or residents of sanctioned / embargoed countries (eg. North Korea, Iran, etc) may not participate.

This Agreement, shall be governed by, interpreted and construed in accordance with the substantive laws of Switzerland. The competent courts of Zug, Switzerland, shall have exclusive jurisdiction for all disputes arising out of or in connection with this Agreement.