Rubic
Rubic is a Cross-Chain Tech Aggregator for users & dApps. Rubic aggregates 60+ chains, 90+ DEXs & bridges, and enables swapping of 15,500+ assets in 1 click.
PoC required
Resources & Documentation
Impacts only apply to assets in active use by the project like contracts on mainnet or web/app assets used in production. Any impact that applies to assets not in active use, like test or mock files, are out-of-scope of the bug bounty program unless explicitly mentioned as in-scope.
Smart Contracts
- Smart Contracts - PoC, Smart Contract bug reports are required to include a runnable Proof of Concept (PoC) in order to prove impact.
- For more information on PoCs please visit: Proof of Concept (PoC) Guidelines and Rules
Whitehats are highly encouraged to review any potential subdomains and what specific port(s) are in scope. Even though the domain may be the same, different ports may point to different assets. Award not guaranteed but possible.
Dev Environment and Documentation
Rubic has included dev documentation and/or instructions to help in reviewing code and exploring for bugs:
- https://docs.rubic.finance/rubic/introduction
- https://github.com/Cryptorubic/multi-proxy-rubic/tree/master/deployments
Impacts to other assets
Hackers are encouraged to submit issues outside of the outlined Impacts and Assets in Scope.
If whitehats can demonstrate a critical impact on code in production for an asset not in scope, Rubic encourages you to submit your bug report using the “primacy of impact exception” asset.