Ceres-logo

Ceres

Ceres is one of the first projects on SORA (XOR) blockchain. Ceres is developing DeFi services and utilities for new projects and tokens on Polkaswap (Cross-chain exchange on SORA/Polkadot).

SORA
Infrastructure
Crosschain Liquidity
DAO
Staking
Rust
Maximum Bounty
$30,000
Live Since
09 August 2022
Last Updated
04 December 2024
  • PoC required

Select the category you'd like to explore

Assets in Scope

Target
Type
Blockchain/DLT - ceres-governance-platform/src/lib
Added on
9 August 2022
Target
Type
Blockchain/DLT - ceres-launchpad/src/lib
Added on
9 August 2022
Target
Type
Blockchain/DLT - ceres-liquidity-locker/src/lib
Added on
9 August 2022
Target
Type
Blockchain/DLT - ceres-staking/src/lib
Added on
9 August 2022
Target
Type
Blockchain/DLT - ceres-token-locker/src/lib
Added on
9 August 2022
Target
Type
Blockchain/DLT - demeter-farming-platform/src/lib
Added on
9 August 2022

Impacts in Scope

Severity
Critical
Title

Direct loss of funds

Severity
Critical
Title

Permanent freezing of funds (fix requires hardfork)

Out of scope

Program's Out of Scope information
  • Best practice critiques
Default Out of Scope and rules

Blockchain/DLT specific

  • Incorrect data supplied by third party oracles
    • Not to exclude oracle manipulation/flash loan attacks
  • Impacts requiring basic economic and governance attacks (e.g. 51% attack)
  • Lack of liquidity impacts
  • Impacts from Sybil attacks
  • Impacts involving centralization risks

All categories

  • Impacts requiring attacks that the reporter has already exploited themselves, leading to damage
  • Impacts caused by attacks requiring access to leaked keys/credentials
  • Impacts caused by attacks requiring access to privileged addresses (including, but not limited to: governance and strategist contracts) without additional modifications to the privileges attributed
  • Impacts relying on attacks involving the depegging of an external stablecoin where the attacker does not directly cause the depegging due to a bug in code
  • Mentions of secrets, access tokens, API keys, private keys, etc. in Github will be considered out of scope without proof that they are in-use in production
  • Best practice recommendations
  • Feature requests
  • Impacts on test files and configuration files unless stated otherwise in the bug bounty program
  • Impacts requiring phishing or other social engineering attacks against project's employees and/or customers