In Scope

We are looking for evidence and reasons for incorrect behavior of the smart contract, which could cause unintended functionality:

• Stealing or loss of funds
• Unauthorized transaction
• Transaction manipulation
• Attacks on logic (behavior of the code is different from the business description)
• Reentrancy
• Reordering
• Over and underflows

Out of Scope

• Theoretical vulnerabilities without any proof or demonstration
• Old compiler version
• The compiler version is not locked
• Vulnerabilities in imported contracts
• Code style guide violations
• Redundant code
• Gas optimizations
• Best practice

• Perform testing only within the scope
• Test only on private testnet, no testing for third party contracts
• Only vulnerabilities that can lead to real issues are covered by the bug bounty program
• In special cases, the size of the award can be increased if the researchers demonstrate how the vulnerability can be used to inflict maximum harm
• Any details of found vulnerabilities must not be communicated to anyone who is not a HackenProof Team or an authorized employee of this Company without appropriate permission