Immunefi
Immunefi
Back to Explore
IOP | Zano-logo

IOP | Zano

|

Zano is the development of a scalable and secure coin, designed for use in e-commerce. The technology behind our blockchain provides reliability, security, and flexibility—a perfect option for P2P transactions.

For more information about Zano, please visit https://zano.org/.

Zano rewards are denominated in USD and distributed in USDC on Ethereum

Blockchain
L1
C/C++

Live

9d: 5h remaining
Rewards Pool
$25,000
Vault TVL
To be determined
Started
17 February 2025
Ends
03 March 2025
Rewards Token
USDC
nSLOC
5,000
Arbitration
No

  • PoC required

  • KYC required

Submit a Bug
InformationScopeResources

This Audit Competition Is Live!

Started
17 February 2025 10:00 UTC
Ends
03 March 2025 14:00 UTC

Rewards

IOP | Zano provides rewards in USDC on Ethereum, denominated in USD.

Rewards by Threat Level

Blockchain/DLT
Critical
portion of the Reward Pool
High
portion of the Reward Pool
Medium
portion of the Reward Pool
Low
portion of the Reward Pool
Websites and Applications
Critical
portion of the Reward Pool
High
portion of the Reward Pool
Medium
portion of the Reward Pool
Low
portion of the Reward Pool
All categories *
Insight
Portion of the Reward Pool

Rewards are distributed among SRs according to Immunefi’s Standardized Competition Reward Terms.

Total budget: $25,000 broken down as follows:

Reward pool:

If bugs are found → USD $15k (see Immunefi’s Standardized Competition Reward Terms)

If only Insights are found → USD $1,35k (9% of the Reward pool)

Guaranteed rewards: $5k per SR → $10k total (for 2 SRs)

Duplicate submissions of bugs are valid. Duplicate submissions of Insights are invalid.

Proof of Concept (PoC) Requirements

For this program, runnable PoC code is not required. Whitehats are instead required to write a step-by-step explanation of the PoC and impact.

View impacts in scope

Program Overview

Zano is the development of a scalable and secure coin, designed for use in e-commerce. The technology behind our blockchain provides reliability, security, and flexibility—a perfect option for P2P transactions.

For more information about Zano, please visit https://zano.org/.

Zano rewards are denominated in USD and distributed in USDC on Ethereum

Known Issues

Category
Websites and Applications
Description / Link
Any attacks related to lock time in transaction are out of scope. We removed this parameter from API but it still possible to create transaction with locked outputs. we are aware of this situation and it’s known to exist. Also, the default wallet behaviour is ignoring such transactions.
Last Updated At
13 February 2025

KYC required

The submission of KYC information is a requirement for payout processing.

Proof of Concept

Proof of concept is always required for all severities.

Prohibited Activities

Default prohibited activities
  • Any testing on mainnet or public testnet deployed code; all testing should be done on local-forks of either public testnet or mainnet
  • Any testing with pricing oracles or third-party smart contracts
  • Attempting phishing or other social engineering attacks against our employees and/or customers
  • Any testing with third-party systems and applications (e.g. browser extensions) as well as websites (e.g. SSO providers, advertising networks)
  • Any denial of service attacks that are executed against project assets
  • Automated testing of services that generates significant amounts of traffic
  • Public disclosure of an unpatched vulnerability in an embargoed bounty
  • Any other actions prohibited by the Immunefi Rules