Immunefi
Immunefi
Back to Explore
Audit Comp | Jito Restaking-logo

Audit Comp | Jito Restaking

The Jito Foundation

Solana
Defi
Infrastructure
Staking

Evaluating

8d: 15h remaining
Rewards Pool
$150,000
Vault TVL
To be determined
Started
04 November 2024
Ended
02 December 2024
Rewards Token
JTO
nSLOC
14,000

  • Triaged by Immunefi

  • PoC required

  • KYC required

InformationScopeResources

Codebase

Title
Jito's Codebase
Description
Jito's up-to-date codebase
Link

Documentation

Title
Jito's Documentation
Description
Jito's documentation and further resources
Link
Go to Audits & Known Issues

Jito’s up-to-date codebase can be found at https://github.com/jito-foundation/restaking. Documentation and further resources can be found at https://docs.restaking.jito.network.

Mid-Contest Code Updates

In this contest bug fixes may be applied mid-contest.

The project is to keep changes private as far as possible. When changes need to be made public, then the changelog will be updated here & in the Jito Restaking Audit Competition Discord channel. Publicly fixed bugs are invalid and the scope is updated to the new code.

All bug reports before the fix was public will earn a reward. All bug reports after are invalid. If a new bug is introduced by their fix then it is valid for a reward.

Mid-Contest Changelog

None

KYC Requirement

Jito will be requesting KYC information in order to pay for successful bug submissions. The following information will be required:

  • Full name
  • Date of birth
  • Proof of address (either a redacted bank statement with address or a recent utility bill)
  • Copy of Passport or other Government issued ID

Security researchers are required to submit KYC within 14 days of KYC being requested, else their rewards may be forfeited. Immunefi may make exceptions due to extenuating circumstances.

Asset Accuracy Assurance

Bugs found on assets incorrectly listed in-scope will be considered valid and be rewarded.

Private Known Issues Reward Policy

Private known issues, meaning known issues that were not publicly disclosed, are valid for a reward equal to that of a bug one severity lower.

Primacy of Impact vs Primacy of Rules

Jito adheres to the Primacy of Rules, which means that the whole bug bounty program is run strictly under the terms and conditions stated within this page.

Responsible Publication

Whitehats may publish their bug reports after they have been fixed & paid, or closed as invalid, with the following exceptions:

  • Bug reports in mediation may not be published until mediation has concluded and the bug report is resolved.

Immunefi may publish bug reports submitted to this audit competition and a leaderboard of the participants and their earnings.

Immunefi Standard Badge

By adhering to Immunefi’s best practice recommendations, Jito has satisfied the requirements for the Immunefi Standard Badge.