OKX Labs

@OKXlabs
Live

Maximum reward: $1,000,000

Severity    Max. Reward
Critical    $1,000,000
High        $100,000
Medium      $10,000

Deposit required: $10

Findings submitted: 173

Start date: 30 Jan 2026

KYC: Required to join

In scope

Severity    Min and Max Reward
Critical    Up to $1,000,000
High        Up to $100,000
Medium      Up to $10,000
Low         Discretionary

In-scope smart contract repositories.

Note: Actual reward amounts are determined at OKX Labs’ sole discretion. Key factors include report quality, completeness of technical details, clarity of PoC, and real-world exploitability.

Name                             Description
DEX-Router-EVM-V1                Contracts on various chains as specified here
DEX-Router-Solana-V1             Contracts on Solana as specified here
DEX-Router-Sui-V1                Contracts on Sui as specified here
DEX-Router-Aptos-V1              Contracts on Aptos as specified here
Web3-DEX-EVM-PMM                 Contracts on various chains as specified here
Boost-TokenDistributor-Solana    Contracts on Solana as specified here
Boost-TokenDistributor-EVM       Contracts on various chains as specified here
Boost-Token-Locker               Contracts on various chains as specified here

Out of scope

The following are explicitly excluded from the program scope:

  • Contracts deployed on testnets, devnets, or mainnets for testing/internal use only.
  • Third-party dependencies, third-party contracts integrated by OKX Labs, or code not under direct OKX Labs control.
  • Repository branches other than main.
  • Issues identified in previous security audits or reviews.
  • Vulnerabilities in non-standard ERC20 tokens (unless explicitly supported by the project).
  • Rounding errors with no material impact on users or funds.
  • User errors caused by obviously incorrect parameter inputs.
  • Vulnerabilities that only manifest under extreme market conditions.
  • Incorrect data from third-party oracles (note: oracle manipulation and flash loan attacks remain in scope).
  • Theoretical exploits without a practical, reproducible proof-of-concept.
  • Issues requiring access to leaked private keys, credentials, or privileged accounts.
  • Vulnerabilities arising from Sybil attacks.
  • Centralization risks, basic economic/governance attacks (e.g., 51% attacks), or protocol design choices.
  • Gas optimization issues, high gas costs, or best practice suggestions.
  • Submissions generated entirely by ChatGPT or other LLM tools (unless supplemented with original validation and analysis).