Serai
Serai is an actively developed cross-chain, decentralized exchange for Bitcoin, Ethereum, and Monero. Built from scratch in Rust, Serai uses threshold multisignatures to secure coins under its own decentralized network.
Exchange
Defi
Blockchain
AMM
Crosschain Liquidity
DEX
L1
Rust
Maximum Bounty
$30,000Live Since
04 August 2023Last Updated
05 October 2023PoC required
KYC required
Select the category you'd like to explore
Assets in Scope
Target
Type
Added on
Primacy Of Impact
Blockchain/DLT
5 October 2023
Impacts in Scope
Critical
Recovery of private keys/shares/nonces
Critical
Signing of unintended messages
Critical
Ability to forge proofs
High
Incorrect/incomplete formulas
Medium
Undocumented transcript collision
Low
Undocumented panic reachable from a public API
Low
Non-constant time implementation with regards to secret data
Out of scope
Program's Out of Scope information
These impacts are out of scope for this bug bounty program.
All Categories
- Attacks that the reporter has already exploited themselves, leading to damage
- Attacks requiring access to leaked keys/credentials, though not attacks gaining access to keys/credentials
- Broken link hijacking is out of scope
Smart Contracts and Blockchain/DLT
- Attacks breaking BFT assumptions
- Lack of liquidity
- Best practice critiques
- Centralization risks
- Signature production by the threshold
- Attacks reliant on attacking an out of scope communication protocol between library users
- Invalid circumstances reachable by providing invalid hashes/curves/ciphersuites/algorithms/etc
- Attacks on the cross-group discrete logarithm proof, marked experimental
- Vulnerabilities/issues in tests/code explicitly for tests
- Bugs only reachable via unsafe code