88mphV3

The following vulnerabilities are excluded from the rewards for this bug bounty program:

• Attacks that the reporter has already exploited themselves, leading to damage
• Attacks that rely on social engineering
• Attacks requiring access to leaked keys/credentials
• Attacks that rely on spamming
• Attacks that rely on Denial of Service
• Any physical attacks against 88mph property or data centers
• Incorrect data supplied by third party oracles
  • Not to exclude oracle manipulation/flash loan attacks
• Basic economic governance attacks (e.g. 51% attack)
• Lack of liquidity
• Best practice critiques
• Sybil attacks

The following activities are prohibited by bug bounty program:

• Any testing with mainnet or public testnet contracts; all testing should be done on private testnets
• Any testing with pricing oracles or third party smart contracts
• Attempting phishing or other social engineering attacks against our employees and/or customers
• Any testing with third party systems and applications (e.g. browser extensions) as well as websites (e.g. SSO providers, advertising networks)
• Any denial of service attacks
• Automated testing of services that generates significant amounts of traffic
• Disassembly or reverse engineering of binaries for which source code is not published, not including smart contract bytecode
• Public disclosure of an unpatched vulnerability in an embargoed bounty