Security and Audits

Security is Top Priority

The security of the OpenLeverage protocol is our highest priority. Our development team, alongside third-party auditors and consultants, has invested considerable effort to create a protocol that we believe is safe and dependable.

A comprehensive test suite, including automated tests with Truffle, has been completed.

Major bugs discovered as part of the testing and auditing process were fixed. While we try our best to ensure the safety of the OpenLeverage protocol, we cannot guarantee all bugs have been discovered and resolved.

Audits

Bug Bounty

The bug bounty program is live.

In preparation for a mainnet launch, we have completed rigorous testing on all of our smart contracts. We have also open-sourced our code and engaged Code4Rena, PeckShield, and CertiK to perform audits throughout our codebase.

Scope

The bug bounty covers the smart contracts at commit ..dfa3de on the master branch of the GitHub repository, excluding the example contracts and the contracts in the test folder.

Timeline

The bug bounty is now live and will continue until June 30, 2022.

Rules

  • Vulnerabilities already disclosed in our existing audit reports are not eligible for the bug bounty;

  • Existing issues opened on the repository are not eligible for the bug bounty;

  • Non-security-related issues, such as front-end bugs and gas optimization, are not eligible for the bug bounty;

  • Do not publicly share the vulnerability before it has been patched;

  • When duplicates occur, we will only award the first report received;

  • Auditors paid by OpenLeverage are not eligible for the bounty.

Submission

Please submit your findings to [email protected].

Rewards

Rewards will be based on the severity of the bug found and will be payable in USDT.

We will assign each finding a severity level, which is solely at the discretion of the OpenLeverage Protocol team. We will follow the OWASP risk rating methodology and estimate a bug’s severity based on the potential impact and the likelihood of exploitation.

Critical: Up to 20,000 USDT

High: Up to 10,000 USDT

Medium: Up to 2,500 USDT

Low: Up to 500 USDT

Join our Discord channel for dev discussion and to stay posted.