PoC Required
Select the category you'd like to explore
Assets in Scope
Impacts in Scope
For the "Undocumented panic reachable from a public API" impact, we are officially considering Rust panics. We cannot prevent an operating system which decides to terminate a program using our library. We will, however, consider out-of-memory issues (and similar) if they're reasonably posited as a Denial of Service. The fact any function allocates, and therefore can exceed the program's allowed memory usage, will not automatically be considered as a valid submission. Notable overhead for the amount of memory allocated as a factor of the amount of memory legitimately present must be demonstrated.
Roughly stated, the academic definition of incorrect is an algorithm whose honest execution will not have the expected result. The roughly-stated academic definition of incomplete is an algorithm which claims to work with a set of cases yet actually only works for a subset. This is distinct from unsoundness, where a verifier should be convinced a correct proof is correct yet is convinced by an incorrect proof, and zero-knowledge, where an algorithm which shouldn't reveal any additional information about the secrets does in fact do so. Our occassional (as appropriate within the Monero protocol) support for points which have a term from a small-order subgroup will not inherently be considered incorrect or incomplete unless such effects actually descend from this property.
Unintended, undocumented recovery of private spend keys (or private spend key shares)
Signing of unintended messages
Reportedly received funds which weren’t actually received
Ability to forge proofs present with only the default features
Incorrect/incomplete (in the academic sense) cryptographic formulae within a verifier's callstack
Incompatibilities with the targeted Monero consensus protocol which would require reimplementing notable sections of monero-oxide
Undocumented fingerprints in created transactions, when compared to the targeted version of Monero’s wallet2
Incompatibilities with the targeted Monero wallet protocol which would require reimplementing notable sections of monero-oxide
Incorrect/incomplete (in the academic sense) cryptographic formulae within a prover's callstack
Non-constant-time implementation with regards to secret data
Undocumented panic reachable from a public API
Out of scope
Blockchain/DLT specific
- Incorrect data supplied by third party oracles
- Not to exclude oracle manipulation/flash loan attacks
- Impacts requiring basic economic and governance attacks (e.g. 51% attack)
- Lack of liquidity impacts
- Impacts from Sybil attacks
- Impacts involving centralization risks
All categories
- Impacts requiring attacks that the reporter has already exploited themselves, leading to damage
- Impacts caused by attacks requiring access to leaked keys/credentials
- Impacts caused by attacks requiring access to privileged addresses (including, but not limited to: governance and strategist contracts) without additional modifications to the privileges attributed
- Impacts relying on attacks involving the depegging of an external stablecoin where the attacker does not directly cause the depegging due to a bug in code
- Mentions of secrets, access tokens, API keys, private keys, etc. in Github will be considered out of scope without proof that they are in-use in production
- Best practice recommendations
- Feature requests
- Impacts on test files and configuration files unless stated otherwise in the bug bounty program
- Impacts requiring phishing or other social engineering attacks against project's employees and/or customers