Audit Comp | Lido: Mellow Vault-logo

Audit Comp | Lido: Mellow Vault

Mellow Decentralized Validator Vault

ETH
Defi
DAO
Liquid Staking
Staking
Solidity

Status

Finished
Rewards Pool
$100,000
Vault TVL
$18,537
Started
15 August 2024
Ended
05 September 2024
Rewards Token
DAI
nSLOC
1,281
  • Triaged by Immunefi

  • PoC required

  • Vault program

This Audit Competition Is Over

All paid bug reports are available in original format here

Started
15 August 2024 12:00 UTC
Ended
05 September 2024 08:00 UTC

VaultImmunefi vault program

Funds available

$18,537

30d Avg. Funds availability

$18,501.57

Assets in vault

  • 18.5k  USDC

Public vault address

0x3BC099100846D389aA21986f43250d19d1c23E45

Rewards

Audit Comp | Lido: Mellow Vault provides rewards in DAI on Ethereum, denominated in USD.

Rewards by Threat Level

Smart Contract
Critical
Portion of the Reward Pool
High
Portion of the Reward Pool
Medium
Portion of the Reward Pool
All categories *
Insight
Portion of the Reward Pool

The following reward terms are a summary, for the full details read our Lido Audit Competition Reward Terms.

The reward pool will be entirely distributed among participants. The size depends on the bugs found:

  • If one or more Critical severity bugs are found the reward pool will be - $100,000 USD
  • If one or more High severity bugs are found the reward pool will be - $75,000 USD
  • If one or more Medium severity bugs is found the reward pool will be - $20,000 USD

For this Audit Competition, duplicates and private known issues are valid for a reward.

Private known issues will unlock higher reward pools as though they were one severity level lower. For example, a Critical severity bug which was a private known issue would unlock the reward pool conditional on a High severity bug being found.

The severity level of private known issues remains unchanged and whitehats earn their portion of the reward pool and position on the leaderboard according to this unchanged severity level.

Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.3.

Reward Payment Terms

Payouts are handled by the Lido team directly and are denominated in USD. However, payments are done in DAI.

Rewards will be distributed all at once based on Immunefi’s distribution formula after the event has concluded and the final bug reports have been resolved.

Insight Rewards Payment Terms

Insight Rewards: Portion of the Rewards Pool

  • The "Insight" severity was introduced on Audit Competition & Attackathon programs to recognize contributions that extend beyond identifying immediate vulnerabilities. Currently, it's not an option to select the Insight severity when submitting a report. However, our team or program will designate it accordingly if applicable. "Insights" underscores our commitment to valuing all types of contributions that contribute to a more secure environment and will always be rewarded. View more information about Insights.

Program Overview

Lido is a liquid staking solution for Ethereum backed by industry-leading staking providers. Lido lets users stake their ETH - without locking assets or maintaining infrastructure - whilst participating in on-chain activities, e.g. lending.

The Decentralized Validator Vault, developed by Mellow, will be utilized to direct net-new stake to the Lido Simple DVT Module, furthering the decentralization of validators using the Lido protocol. The vault will empower solo and community stakers to run more validators via Lido along with professional node operators.

Stakers in the vault will receive points from the two major DVT providers, Obol & SSV Network, as well as points from Mellow. In addition, by staking in the vault, users will also hold a wstETH position within the vault, represented by an LP token.

For more information about Mellow Vault, please visit https://app.mellow.finance/vaults/ethereum-dvsteth.

For more information about Lido, please visit Lido.fi.

Lido provides rewards in DAI, denominated in USD.

KYC not required

No KYC information is required for payout processing.

Proof of Concept

Proof of concept is always required for all severities.

30d Avg. Funds Availability
$18,501.57
Total Assets in Scope
12