OpenLeverage | Docs
  • Introduction of OpenLeverage
  • FAQ
  • Protocol Overview
    • How OpenLeverage Works
    • Margin Trading
    • Lending
    • Borrowing
    • Liquidation
    • OnDemand Oracle
  • OLE Token (V2)
    • Token Info
    • Liquidity Mining with xOLE
    • Bridging OLE Token
    • OLE V1 Migration
  • REWARDS
    • Sponsored Rewards
    • Staking and xOLE
    • Trading, Lending, and Borrowing Rewards
    • Retroactive Rewards
  • GOVERNANCE
    • OpenLeverage Community Council
    • Councilmember Guidelines
    • Ambassador Guidelines
    • OLE Buybacks
  • Tutorials
    • Wallet Setup
    • Create Market
    • Margin Trade
    • Lend to Earn
    • Liquidation
    • Notification
    • Create a Gnosis Safe
    • Try Scroll Alpha Testnet
  • Dev
    • Developer Guide
    • Security and Audits
  • Terms of Service
  • Brand Assets
  • Contact Us
Powered by GitBook
On this page
  • Security is Top Priority
  • Audits
  • Bug Bounty
  • Scope
  • Timeline
  • Rules
  • Submission
  • Rewards

Was this helpful?

  1. Dev

Security and Audits

PreviousDeveloper GuideNextTerms of Service

Last updated 1 year ago

Was this helpful?

Security is Top Priority

The security of the OpenLeverage protocol is our highest priority. Our development team, alongside third-party auditors and consultants, has invested considerable effort to create a protocol that we believe is safe and dependable.

A comprehensive test suite, including with Truffle, has been completed.

Major bugs discovered as part of the testing and auditing process were fixed. While we try our best to ensure the safety of the OpenLeverage protocol, we cannot guarantee all bugs have been discovered and resolved.

Audits

Bug Bounty

The bug bounty program is live.

In preparation for a mainnet launch, we have completed rigorous testing on all of our smart contracts. We have also open-sourced our code and engaged Code4Rena, PeckShield, and CertiK to perform audits throughout our codebase.

Scope

Timeline

The bug bounty is now on and will continue until June 30, 2022.

Rules

  • Non-security-related issues, such as front-end bugs and gas optimization, are not eligible for the bug bounty;

  • Do not publicly share the vulnerability before it has been patched;

  • When duplicates occur, we will only award the first report received;

  • Paid auditors by OpenLeverage are not eligible for the bounty.

Submission

Rewards

Rewards will be based on the severity of the bug found, and rewards will be payable in USDT.

Critical: Up to 20,000 USDT

High: Up to 10,000 USDT

Medium: Up to 2,500 USDT

Low: Up to 500 USDT

The bug bounty covers the smart contracts from the on the master branch of the , not including the example contracts and the contracts in the test folder.

Vulnerabilities that have been revealed from our existing are not eligible for the bug bounty;

opened on the repository are not eligible for the bug bounty;

Please submit your findings to .

We will categorize each finding with the level of severity, which is solely at the discretion of the OpenLeverage Protocol team. We will follow the and estimate a bug’s severity based on the potential impact and the likelihood of exploitation.

Join our channel for dev discussion and keep posted.

automated tests
Certik - June 2021
Peckshield - Sep 2021
PeckShield - Dec 2021
Code4Rena - Mar 2022
Peckshield - Sep 2022
Peckshield - Nov 2022
Peckshield - Feb 2023
Peckshield - Nov 2023
commit of ..dfa3de
Github repository
audit reports
Existing issues
[email protected]
OWASP risk rating methodology
Discord