EVC Bug Bounty Program

1. Introduction:

Background:

The Ethereum Vault Connector (EVC) represents a pivotal innovation in the world of decentralized finance. As a foundational layer, it is engineered to underpin the essential functions of a lending market, offering a stable and adaptable platform for development. The EVC stands out by its unique ability to facilitate interactions between various vaults. These vaults, conforming to the ERC-4626 interface, incorporate logic for seamless interfacing with other vaults, thus enhancing interoperability within the ecosystem.

Purpose and Importance:

At its core, the EVC simplifies and streamlines operations for core lending and borrowing contracts. By shouldering the complexity, it allows these contracts to concentrate on their unique features and capabilities. This not only fosters innovation but also ensures a higher degree of stability and security in financial operations. As the EVC prepares for its public release, our priority is to ensure its robustness and reliability.

Objective of the Bug Bounty Program:

The Euler Bug Bounty Program managed by Cantina is initiated with a clear objective: to harness the collective expertise of the community in identifying and addressing potential security vulnerabilities within the EVC. By engaging with skilled security researchers, ethical hackers, and the wider community, we aim to scrutinize the EVC for any weaknesses that could be exploited maliciously. This program serves as a proactive step towards fortifying the EVC’s security posture, ensuring it operates with the highest level of integrity and reliability in the decentralized finance landscape.

Key Areas for Testing:

Security vulnerabilities in any of the listed contracts.
Functional flaws that could affect the integrity and reliability of the EVC.
Interactions between the contracts, especially concerning data handling and execution flow.

Out of Scope and Non-qualifying bugs:

Vulnerabilities in third-party libraries not directly related to the EVC’s core contracts.
Issues related to the underlying blockchain protocol.
Any issues/vulnerabilities discussed in the White Paper.
Any security issues/vulnerabilities already reported in the security audits.

3. Submission Guidelines:

For the Euler Bug Bounty Program managed by Cantina, all bug reports should be submitted via the Cantina Bug Bounty Program. Please ensure you adhere to the rules outlined on the Cantina Bug Bounty page.

Severity and Reward Discretion:

Severity Assessment: Euler reserves the right to determine the severity of each reported bug. This assessment will be based on the potential impact, exploitability, and other relevant factors.
Reward Allocation: Rewards for valid bug reports will be determined at the discretion of Euler, based on the assessed severity and in accordance with the reward structure outlined in the program.
Final Decision: The decisions made by Euler regarding severity classification and reward allocation are final and binding.

Responsible Reporting:

We encourage reporters to collaborate with the Euler team in resolving the identified issue, maintaining a constructive and cooperative approach.

These guidelines are established to manage the bug bounty process effectively, ensuring fair and orderly reporting and reward distribution. Participants are urged to adhere to these principles to contribute positively to the security and integrity of the Ethereum Vault Connector.

10. Additional Information:

For additional documentation please refer to:

Github: link
Docs: link
Specs: link
Diagrams: link
Security Audits: link

1. Introduction:​

Background:​

Purpose and Importance:​

Objective of the Bug Bounty Program:​

Key Areas for Testing:​

Out of Scope and Non-qualifying bugs:​

3. Submission Guidelines:​

Severity and Reward Discretion:​

Responsible Reporting:​

10. Additional Information:​