UXDProtocol Solana Bug Bounty Program
Please direct all bug bounty inquiries to [email protected]. Please provide a detailed description of the attack vector. If it is possible, we require a demonstrated proof-of-concept on a privately deployed mainnet contract.
#Other notable exceptions
The following are out of scope for the bug bounty program:
- Attacks that the reporter has already exploited themselves, leading to damage and/or loss of funds.
- Attacks that the reporter has deployed on a public mainnet which is consequently used by an attacker to exploit, even if the reporter was not the attacker
- Attacks requiring access to leaked keys/credentials
- Attacks requiring access to other privileged addresses (governance, admin)
- Incorrect data supplied by third party oracles (This does not exclude oracle manipulation/flash loan attacks)
- Issues arising solely from liquidity
- Third party, off-chain bot errors (for instance bugs with an arbitrage bot running on the smart contracts)
- Best practice critiques
- Sybil attacks