Sherlock
Details
Scope
My Submission
Reward Amounts
Critical
-
$500,000 maximum payout
-
Payout shall not exceed 10% of funds at risk at time of submission
Severity Criteria
Critical Definition
-
Definite and significant loss of funds without limitations of external conditions
-
Definite and significant freezing of funds for >1 year without limitations of external conditions
General Notes
-
Sherlock’s Criteria for Issue Validity guide (used in Sherlock audit contests) can be a helpful resource for more context on out-of-scope issues, etc. but nothing in the guide should overrule the definitions above
-
A coded Proof of Concept (POC) with instructions to run the POC is required
-
If the protocol team has the ability to take measures (upgrade the contract, pause the contract, etc.) against an exploit, the potential damage is limited to a 1-hour exploit period before it is assumed that the protocol team takes measures to prevent further damage
Platform Rules
Please review the Sherlock Bug Bounty Platform Rules before submitting any vulnerability.
Previous Audits
Additional Context
Chains in scope
-
Ethereum
Expected tokens
-
USDC
-
Sherlock Position NFTs (ERC-721)
Trusted integrations
-
Aave
-
Compound
-
Maple
-
UMA Optimistic Oracle
Trusted protocol roles
-
Every protocol role is trusted, some of these roles include
-
Protocol admins. (also referred to as protocol agents)
-
Owner role of every contract
-
SPCC (Sherlock Protocol Claim Committee)
-
Uma Halt Operator
Offchain mechanisms and procedures
-
Initial Protocol onboarding is triggered via offchain procedures
Protocol Resources
Max Rewards
500,000 USDCStatus
Live since
Last updated
LIVE
Aug 8, 2024, 9:54 AM
Aug 8, 2024, 9:54 AM