Policies

General Policies

• No Fix, No Pay
• Arbitration Overview
• Responsible Publication Policy
• Project Timelines to Fix Publicly Disclosed Vulnerabilities

Audit Competition, Attackathon, and Invite-Only Policies

• Insight Severity Level
• Proof-of-Concept Rules for Audit Competitions
• Evaluation Process for Audit Competitions
• Standardized Competition Reward Terms
• KYC Process for Audit Competitions
• Mainnet Audit Competition Rules

Feasibility Limitations

• Attacks Involving Undeployed Code on GitHub or Equivalent for Smart Contract Impacts
• Attacks Involving Access to Privileged Addresses for Smart Contract Impacts
• When Is An Impactful Attack Downgraded To Griefing?
• Attacks With A Financial Risk To The Attacker
• Attack Investment Amount
• Pre-Impact Bug Monitoring

See all 11 articles

Per-Program Rules

• Stacks Attackathon II: Code Update Rules
• Butter Audit Competition Reward Terms
• Shardeum Ancillaries III Audit Competition Reward Terms
• Shardeum Core III Audit Competition Reward Terms
• Lombard Audit Competition Reward Terms
• Stacks Attackathon 1 Code Update Changelog

See all 41 articles