OPZ
  • Introduction
    • Overview
    • Roadmap
      • ✔️2022: Q1-Q2
      • ✔️2022: Q3-Q4
      • ✔️2023: Q1-Q2
      • ✔️2023: Q3-Q4
      • ✔️2024: Q1-Q2
      • ✔️2024: Q3-Q4
      • 2025: Q1-Q2
      • 2025
  • KeyFusion
    • Introduction to KeyFusion
    • Key Concepts and Techniques
      • Key Generation
      • ECDSA Signing Process
      • Schnorr/EdDSA Signing
    • Security and Usability
  • OPZ App
    • Introduction to OPZ app
    • Getting Started
    • Security
      • Token Safety, Address Verification, and dApp Security
      • MPC-2FA Signing
      • Anti-Zero Transfer
    • Advanced Settings
  • OPZ-AI
    • Introduction OPZ-AI
    • Superintelligence Trader
    • Features
    • OPZ TestNet
  • OPZ-NFC
    • Introduction OPZ-NFC
    • Getting Started
    • NFC-Only Mode
    • OPZ CARD
  • OPZ-DEX (Beta)
    • OPZ-DEX
    • Trading Architecture
    • Type and Time-In-Force
    • Status & Priority Rules
    • Funding Rate Structure
    • OPZ Network
    • Referral Program
    • Resource Hub
  • Community & Tokenomics
    • OPZ Token Overview
    • Presale Schedule
    • Trade & Earn
  • Misc
    • Brand Logo & Guidelines
    • Bug Bounty
Powered by GitBook
On this page
  • Program Overview
  • Invalid Bug Bounties

Was this helpful?

  1. Misc

Bug Bounty

Last updated 7 months ago

Was this helpful?

Program Overview

The classification of severity levels is determined by . It is important to note that these levels are merely suggestions and each bug bounty submission will be individually assessed.

Invalid Bug Bounties

The following are not covered by the bug bounty program:

  • Incidents where the reporter has caused harm by exploiting the vulnerability themselves.

  • Vulnerabilities that can only be exploited by utilizing leaked keys or credentials.

  • Vulnerabilities that require access to privileged addresses such as governance or admin addresses.

  • Issues caused by incorrect data supplied by external oracles (however, oracle manipulation or flash loan attacks are still in scope)

  • Situations where there is a lack of liquidity.

  • Errors made by third-party off-chain bots (e.g. bugs in an arbitrage bot running on the smart contracts)

  • Suggestions for best practice or critiques.

  • Sybil attacks.

Immunefi Vulnerability Severity Classification System