Serai
Serai is an actively developed cross-chain, decentralized exchange for Bitcoin, Ethereum, and Monero. Built from scratch in Rust, Serai uses threshold multisignatures to secure coins under its own decentralized network.
Exchange
Defi
Blockchain
AMM
Crosschain Liquidity
DEX
L1
Rust
Maximum Bounty
$30,000Live Since
04 August 2023Last Updated
15 November 2024PoC required
KYC required
Select the category you'd like to explore
Assets in Scope
Target
Primacy Of Impact
Type
Blockchain/DLT
Added on
5 October 2023
Impacts in Scope
Severity
Critical
Title
Recovery of private keys/shares/nonces
Severity
Critical
Title
Signing of unintended messages
Severity
Critical
Title
Ability to forge proofs
Severity
High
Title
Incorrect/incomplete formulas
Severity
Medium
Title
Undocumented transcript collision
Severity
Low
Title
Undocumented panic reachable from a public API
Severity
Low
Title
Non-constant time implementation with regards to secret data
Out of scope
Program's Out of Scope information
- Attacks breaking BFT assumptions
- Best practice critiques
- Signature production by the threshold
- Attacks reliant on attacking an out of scope communication protocol between library users
- Invalid circumstances reachable by providing invalid hashes/curves/ciphersuites/algorithms/etc
- Attacks on the cross-group discrete logarithm proof, marked experimental
- Vulnerabilities/issues in tests/code explicitly for tests
- Bugs only reachable via unsafe code
Default Out of Scope and rules
Blockchain/DLT specific
- Incorrect data supplied by third party oracles
- Not to exclude oracle manipulation/flash loan attacks
- Impacts requiring basic economic and governance attacks (e.g. 51% attack)
- Lack of liquidity impacts
- Impacts from Sybil attacks
- Impacts involving centralization risks
Critical
$30k
High
$5k
Medium
$1k
Low
$250