Rubic
Rubic is a Cross-Chain Tech Aggregator for users & dApps. Rubic aggregates 60+ chains, 90+ DEXs & bridges, and enables swapping of 15,500+ assets in 1 click.
Arbitrum
ETH
Defi
Crosschain Liquidity
DEX Aggregator
Solidity
Maximum Bounty
$25,000Live Since
31 July 2023Last Updated
06 November 2024PoC Required
Select the category you'd like to explore
Assets in Scope
Target
Primacy Of Impact
Name
Added on
5 October 2023
Impacts in Scope
Severity
Critical
Title
Direct theft of ERC20 user funds, whether at-rest or in-motion, other than unclaimed yield
Severity
Critical
Title
Permanent freezing of funds
Out of scope
Program's Out of Scope information
- Best practice critiques
- Broken link hijacking is out of scope
Default Out of Scope and rules
Smart Contract specific
- Incorrect data supplied by third party oracles
- Not to exclude oracle manipulation/flash loan attacks
- Impacts requiring basic economic and governance attacks (e.g. 51% attack)
- Lack of liquidity impacts
- Impacts from Sybil attacks
- Impacts involving centralization risks
All categories
- Impacts requiring attacks that the reporter has already exploited themselves, leading to damage
- Impacts caused by attacks requiring access to leaked keys/credentials
- Impacts caused by attacks requiring access to privileged addresses (including, but not limited to: governance and strategist contracts) without additional modifications to the privileges attributed
- Impacts relying on attacks involving the depegging of an external stablecoin where the attacker does not directly cause the depegging due to a bug in code
- Mentions of secrets, access tokens, API keys, private keys, etc. in Github will be considered out of scope without proof that they are in-use in production
- Best practice recommendations
- Feature requests
- Impacts on test files and configuration files unless stated otherwise in the bug bounty program
- Impacts requiring phishing or other social engineering attacks against project's employees and/or customers