From eaa7858000d9a61fd52b001ad20d6047f0b32eaa Mon Sep 17 00:00:00 2001 From: isabelle Date: Thu, 20 Jun 2024 12:08:58 -0400 Subject: [PATCH] security nit --- .../en/technology/security/audits-and-bug-bounty.mdx | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx b/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx index 6f6d5d28..00c1c842 100644 --- a/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx +++ b/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx @@ -17,6 +17,12 @@ Aside from rigorous testing, an internal security team, and comprehensive code r exception. We encourage users to use the protocol with caution and at their own risk. +### Scope + +The scope of the bug bounty program covers the blockchain infrastructure and the smart contracts for bridging and rollup. For a detailed breakdown of bug categories, please refer to the bug bounty page. + +Besides the listed scopes in the bug bounty program, we also encourage reporting any vulnerabilities identified to Immunefi, which we will still consider for rewards. For any discoveries of critical vulnerabilities outside of the scope of the bug bounty program, please also send reports to security@scroll.io. + ## Independent Audits Scroll has worked with several industry-leading security audit firms to review our codebase, with critical code receiving reviews from multiple teams, including [Trail of Bits](https://www.trailofbits.com/), [OpenZeppelin](https://www.openzeppelin.com/), [Zellic](https://www.zellic.io/), and [KALOS](https://www.kalos.xyz/). @@ -73,9 +79,3 @@ Rewards depend on the severity of reported vulnerabilities: - **Critical**: up to \$1,000,000 - **High**: \$10,000 - \$50,000 - **Medium**: \$5,000 - -### Scope - -The scope of the bug bounty program covers the blockchain infrastructure and the smart contracts for bridging and rollup. For a detailed breakdown of bug categories, please refer to the bug bounty page. - -Besides the listed scopes in the bug bounty program, we also encourage reporting any vulnerabilities identified to Immunefi, which we will still consider for rewards. For any discoveries of critical vulnerabilities outside of the scope of the bug bounty program, please also send reports to security@scroll.io.