ALEX Bug Bounties | Immunefi

Assets in Scope

Target	Type	Added on
	Smart Contract - Bridge	21 April 2023
	Smart Contract - AutoALEX	26 April 2022
	Smart Contract - Yield Token Pool	26 April 2022
	Smart Contract - Collateral Rebalancing Pool	26 April 2022
	Smart Contract - AGE 003	26 April 2022
	Smart Contract - AGE 002	26 April 2022
	Smart Contract - AGE 001	26 April 2022
	Smart Contract - ALEX Governance Token	9 February 2022
	Smart Contract - ALEX DAO	9 February 2022
	Smart Contract - ALEX Vault	9 February 2022
	Smart Contract - Simple Weight Pool (ALEX)	9 February 2022
	Smart Contract - Fixed Weight Pool	9 February 2022

Target

Type

Added on

Smart Contract - Bridge

21 April 2023

Target

Type

Added on

Smart Contract - AutoALEX

26 April 2022

Target

Type

Added on

Smart Contract - Yield Token Pool

26 April 2022

Target

Type

Added on

Smart Contract - Collateral Rebalancing Pool

26 April 2022

Target

Type

Added on

Smart Contract - AGE 003

26 April 2022

Target

Type

Added on

Smart Contract - AGE 002

26 April 2022

Target

Type

Added on

Smart Contract - AGE 001

26 April 2022

Target

Type

Added on

Smart Contract - ALEX Governance Token

9 February 2022

Target

Type

Added on

Smart Contract - ALEX DAO

9 February 2022

Target

Type

Added on

Smart Contract - ALEX Vault

9 February 2022

Target

Type

Added on

Smart Contract - Simple Weight Pool (ALEX)

9 February 2022

Target

Type

Added on

Smart Contract - Fixed Weight Pool

9 February 2022

Impacts in Scope

Critical	Loss of user funds staked (principal) by freezing or theft
Critical	Vote manipulation
Critical	Miner-extractable value (MEV)
Critical	Protocol Insolvency
Critical	Permanent freezing of funds
High	Theft of unclaimed yield
High	Freezing of unclaimed yield
High	Temporary freezing of funds for a minimum period of 1 day

Critical

Loss of user funds staked (principal) by freezing or theft

Critical

Vote manipulation

Critical

Miner-extractable value (MEV)

Critical

Protocol Insolvency

Critical

Permanent freezing of funds

High

Theft of unclaimed yield

High

Freezing of unclaimed yield

High

Temporary freezing of funds for a minimum period of 1 day

View rewards

Out of scope

Program's Out of Scope information

The following vulnerabilities are excluded from the rewards for this bug bounty program:

Attacks that the reporter has already exploited themselves, leading to damage
Attacks requiring access to leaked keys/credentials
Attacks requiring access to privileged addresses (governance, strategist)

Smart Contracts and Blockchain

Incorrect data supplied by third party oracles
- Not to exclude oracle manipulation/flash loan attacks
Basic economic governance attacks (e.g. 51% attack)
Lack of liquidity
Best practice critiques
Sybil attacks
Centralization risks

The following activities are prohibited by this bug bounty program:

Any testing with mainnet or public testnet contracts; all testing should be done on private testnets
Any testing with pricing oracles or third party smart contracts
Attempting phishing or other social engineering attacks against our employees and/or customers
Any testing with third party systems and applications (e.g. browser extensions) as well as websites (e.g. SSO providers, advertising networks)
Any denial of service attacks
Automated testing of services that generates significant amounts of traffic
Public disclosure of an unpatched vulnerability in an embargoed bounty