WOOFi Bug Bounties

Assets in Scope

Target	Type	Added on
	Smart Contract - IntegrationHelper(token info) - Swap	11 June 2024
	Smart Contract - CrossswapRouterv3.1 - Swap	11 June 2024
	Smart Contract - WooRouterV2 - Swap	11 June 2024
	Smart Contract - WooPPV2 - Swap	11 June 2024
	Smart Contract - WooracleV2_2 - Swap	11 June 2024
	Smart Contract - IntegrationHelper(token info) - Swap	11 June 2024
	Smart Contract - CrossswapRouterv3.1 - Swap	11 June 2024
	Smart Contract - WooRouterV2 - Swap	11 June 2024
	Smart Contract - WooPPV2 - Swap	11 June 2024
	Smart Contract - WooracleV2_2 - Swap	11 June 2024
	Smart Contract - VoidStrategy_ETH - Earn	11 June 2024
	Smart Contract - FarmingVault_ETH - Earn	11 June 2024

Target

Type

Added on

Smart Contract - IntegrationHelper(token info) - Swap

11 June 2024

Target

Type

Added on

Smart Contract - CrossswapRouterv3.1 - Swap

11 June 2024

Target

Type

Added on

Smart Contract - WooRouterV2 - Swap

11 June 2024

Target

Type

Added on

Smart Contract - WooPPV2 - Swap

11 June 2024

Target

Type

Added on

Smart Contract - WooracleV2_2 - Swap

11 June 2024

Target

Type

Added on

Smart Contract - IntegrationHelper(token info) - Swap

11 June 2024

Target

Type

Added on

Smart Contract - CrossswapRouterv3.1 - Swap

11 June 2024

Target

Type

Added on

Smart Contract - WooRouterV2 - Swap

11 June 2024

Target

Type

Added on

Smart Contract - WooPPV2 - Swap

11 June 2024

Target

Type

Added on

Smart Contract - WooracleV2_2 - Swap

11 June 2024

Target

Type

Added on

Smart Contract - VoidStrategy_ETH - Earn

11 June 2024

Target

Type

Added on

Smart Contract - FarmingVault_ETH - Earn

11 June 2024

Impacts in Scope

Critical	Loss of user funds staked (principal) by freezing or theft
Critical	Loss of governance funds
Critical	Incorrect polling actions
High	Theft of unclaimed yield
High	Freezing of unclaimed yield
High	Temporary freezing of funds for 1 day
Medium	Unable to call smart contract
Medium	Smart contract gas drainage
Low	Smart contract fails to deliver promised returns

Critical

Loss of user funds staked (principal) by freezing or theft

Critical

Loss of governance funds

Critical

Incorrect polling actions

High

Theft of unclaimed yield

High

Freezing of unclaimed yield

High

Temporary freezing of funds for 1 day

Medium

Unable to call smart contract

Medium

Smart contract gas drainage

Low

Smart contract fails to deliver promised returns

View rewards

Out of scope

Program's Out of Scope information

The following vulnerabilities are excluded from the rewards for this bug bounty program:

Attacks that the reporter has already exploited themselves, leading to damage
Attacks requiring access to leaked keys/credentials
Attacks requiring access to privileged addresses (governance, strategist)

Smart Contracts and Blockchain

Incorrect data supplied by third party oracles
- Not to exclude oracle manipulation/flash loan attacks
Basic economic governance attacks (e.g. 51% attack)
Lack of liquidity
Best practice critiques
Sybil attacks
Centralization risks

The following activities are prohibited by this bug bounty program:

Any testing with mainnet or public testnet contracts; all testing should be done on private testnets
Any testing with pricing oracles or third party smart contracts
Attempting phishing or other social engineering attacks against our employees and/or customers
Any testing with third party systems and applications (e.g. browser extensions) as well as websites (e.g. SSO providers, advertising networks)
Any denial of service attacks
Automated testing of services that generates significant amounts of traffic
Public disclosure of an unpatched vulnerability in an embargoed bounty