IOP | Zano

Zano is the development of a scalable and secure coin, designed for use in e-commerce. The technology behind our blockchain provides reliability, security, and flexibility—a perfect option for P2P transactions.

For more information about Zano, please visit https://zano.org/.

Zano rewards are denominated in USD and distributed in USDC on Ethereum

Blockchain

C/C++

Status

Finished

Reward Pool

$25,000

Start Date

17 February 2025

End Date

10 March 2025

Rewards Token

USDC

Lines of Code

5,000

Status

Finished

Findings Report

PoC required
Vault program
KYC required

Findings Report

Leaderboard Information Scope Resources

This Audit Competition Is Over

Invite-Only-Program cards for security researchers with paid reports are available here. The amounts show $5K in guaranteed rewards per SR and a $15K reward pool distributed according to the Standardized Competition Reward Terms.

All paid bug reports are available in original format here.

Start Date

17 February 2025 10:00 UTC

End Date

10 March 2025 14:00 UTC

Immunefi vault program

Funds available

30d Avg. Funds availability

$14,998.04

Assets in vault

Public vault address

0xF441ffe50e0b416429A93Fc2A36E7D117b7F5C3F

Rewards

IOP | Zano provides rewards in USDC on Ethereum, denominated in USD.

Rewards by Threat Level

Blockchain/DLT

Critical

portion of the Reward Pool

High

portion of the Reward Pool

Medium

portion of the Reward Pool

Low

portion of the Reward Pool

Websites and Applications

Critical

portion of the Reward Pool

High

portion of the Reward Pool

Medium

portion of the Reward Pool

Low

portion of the Reward Pool

All categories *

Insight

Portion of the Reward Pool

Rewards are distributed among SRs according to Immunefi’s Standardized Competition Reward Terms.

Total budget: $25,000 broken down as follows:

Reward pool:

If bugs are found → USD $15k (see Immunefi’s Standardized Competition Reward Terms)

If only Insights are found → USD $1,35k (9% of the Reward pool)

Guaranteed rewards: $5k per SR → $10k total (for 2 SRs)

Duplicate submissions of bugs are valid. Duplicate submissions of Insights are invalid.

Proof of Concept (PoC) Requirements

For this program, runnable PoC code is not required. Whitehats are instead required to write a step-by-step explanation of the PoC and impact.

View impacts in scope

Program Overview

For more information about Zano, please visit https://zano.org/.

Zano rewards are denominated in USD and distributed in USDC on Ethereum

Known Issues

Category	Description / Link	Last Updated At
Websites and Applications	Any attacks related to lock time in transaction are out of scope. We removed this parameter from API but it still possible to create transaction with locked outputs. we are aware of this situation and it’s known to exist. Also, the default wallet behaviour is ignoring such transactions.	13 February 2025

KYC required

The submission of KYC information is a requirement for payout processing.

Proof of Concept

Proof of concept is always required for all severities.

Prohibited Activities

Default prohibited activities

Any testing on mainnet or public testnet deployed code; all testing should be done on local-forks of either public testnet or mainnet
Any testing with pricing oracles or third-party smart contracts
Attempting phishing or other social engineering attacks against our employees and/or customers
Any testing with third-party systems and applications (e.g. browser extensions) as well as websites (e.g. SSO providers, advertising networks)
Any denial of service attacks that are executed against project assets
Automated testing of services that generates significant amounts of traffic
Public disclosure of an unpatched vulnerability in an embargoed bounty
Any other actions prohibited by the Immunefi Rules

30d Avg. Funds Availability

$14,998.04