Enzyme Onyx

Onyx by Enzyme Finance is a tokenization protocol for asset management vehicles. It facilitates bespoke ERC20 shares issuance, including fees and tools for valuation accounting.

Before submitting a report, please review our Bug Bounty program guidelines carefully. Reports that only cover issues already listed in the program scope will be closed and marked as spam.

Smart contracts may have both a currently deployed version and the latest audited version that is scheduled for deployment. These are labeled as follows:

• Live — the smart contract that is currently deployed and in use
• Latest audited — the most recently audited smart contract, not yet deployed but planned for future release If no labels are present, it means the deployed (live) smart contract is already up to date with the latest audited version.

Proof of Concept (PoC) Requirements

All reports must include a complete, reproducible Proof of Concept (PoC). The PoC must be performed either:

• On a fork of the live deployment; or
• Against deployed contracts using the actual production code (e.g., testnet deployments that match the deployed codebase).

PoCs that rely solely on mocked contracts, heavily modified code, hypothetical scenarios, incomplete snippets, or partial demonstrations will not be accepted.

The PoC must be self-contained and documented in a way that allows reviewers to read and reproduce the issue from start to finish without requiring additional assumptions or missing steps.

Reports that do not include a complete and reproducible PoC meeting the above requirements will be automatically closed as invalid.