Immunefi
Blog
Platform
Bug Bounty ProgramsPR ReviewsAuditsAudit CompetitionsInvite OnlySafe HarborVaultsManaged TriageHelp Center
Security Researchers
Help for WhitehatsLearnLeaderboardImmunefi Top 10 BugsWhitehat AwardsWhitehat Hall of FameReport FindingsResponsible Publication
LoginExplore bountiesGet Protected
Back to Explore
Audit Comp | Flare | FAssets-logo

Audit Comp | Flare | FAssets

|

Flare is the blockchain for data. It is a layer-1, EVM smart contract platform designed to expand the utility of blockchain by delivering data certainty for dApp builders.

FAssets is a trustless, over-collateralized bridge built on Flare that connects non smart contract networks to Flare/Songbird. It enables the creation of wrapped tokens (FAssets) for assets like BTC, DOGE and XRP.

At the core of FAssets v1.1 is a new architecture component called the Core Vault, designed to improve system liquidity, scalability, and capital efficiency.

ETH
Blockchain
Solidity

Live

26d: 0h remaining
Reward Pool
$125,000
Start Date
12 May 2025
End Date
09 June 2025
Rewards Token
USDC
Lines of Code
13,957

  • Triaged by Immunefi

  • Step-by-step PoC Required

Submit a Bug
InformationScopeResources

Documentation

Title
Flare Developer Hub
Description
Conceptual understanding
Link
Title
Technical Details
Description
Refer to the inline code documentation directly in the repository.
Link
Title
Example of Technical Details
Description
As an example, you can explore the Redemption function implementation in RedemptionRequestsFacet.sol
Link
Go to Audits & Known Issues

Asset Accuracy Assurance

  • Bugs found on assets incorrectly listed in-scope will be considered valid and be rewarded.

Private Known Issues Reward Policy

  • Private known issues, meaning known issues that were not publicly disclosed, are valid for a reward.

Primacy of Impact vs Primacy of Rules

  • Flare adheres to the Primacy of Rules, which means that the whole Audit Competition & Mitigation Audit program is run strictly under the terms and conditions stated within this page.

KYC Requirement

  • No KYC is required for the Flare FAssets Audit Competition & Mitigation Audit

Eligibility Criteria

  • Security researchers who wish to participate must adhere to the rules of engagement set forth in this program and cannot be:
    • On OFACs SDN list
    • Official contributor, both past or present
    • Employees and/or individuals closely associated with the project
    • Security auditors that directly or indirectly participated in the audit review

Responsible Publication

  • Whitehats may publish their bug reports after they have been fixed & paid, or closed as invalid, with the following exceptions:

    • Bug reports in mediation may not be published until mediation has concluded and the bug report is resolved.

  • Immunefi may publish bug reports submitted to this Audit Competition and a leaderboard of the participants and their earnings.

Feasibility Limitations

  • When there is uncertainty about how feasible an attack is Immunefi will use our feasibility limitation standards to determine the severity of the report.

Immunefi Standard Badge

  • By adhering to Immunefi’s best practice recommendations, Flare Network has satisfied the requirements for the Immunefi Standard Badge.