infinifi-protocol
Maximum reward
$100,000
Severity
Max. Reward
Critical$100,000
High$15,000
Findings submitted
22
Start date
8 Jun 2025
Please sign in as a researcher to join the bounty.
Log inIn scope
Severity
Min and Max Reward
CriticalUp to $100,000
High
Up to $15,000
Medium
Up to $0
Low
Up to $0
Informational
Up to $0
Ethereum Contract Addresses
Asset | Description |
|---|---|
| CORE | 0xF6d48735EcCf12bDC1DF2674b1ce3fcb3bD25490 |
| TIMELOCK_SHORT | 0x4B174afbeD7b98BA01F50E36109EEE5e6d327c32 |
| TIMELOCK_LONG | 0x3D18480CC32B6AB3B833dCabD80E76CfD41c48a9 |
| FARM_REGISTRY | 0xF5f2718708f471e43968271956CC01aaA8c46119 |
| MANUAL_REBALANCER | 0x160300d5C1eA377B823127d2D6668D43DD5C1d8A |
| RECEIPT_TOKEN | 0x48f9e38f3070AD8945DFEae3FA70987722E3D89c |
| STAKED_TOKEN | 0xDBDC1Ef57537E34680B898E1FEBD3D68c7389bCB |
| LOCKED_POSITION_TOKEN_1 | 0x12b004719fb632f1E7c010c6F5D6009Fb4258442 |
| LOCKED_POSITION_TOKEN_2 | 0xf1839BeCaF586814D022F16cDb3504ff8D8Ff361 |
| LOCKED_POSITION_TOKEN_3 | 0xed2a360FfDC1eD4F8df0bd776a1FfbbE06444a0A |
| LOCKED_POSITION_TOKEN_4 | 0x66bCF6151D5558AfB47c38B20663589843156078 |
| LOCKED_POSITION_TOKEN_5 | 0xf0c4A78fEbf4062aeD39A02BE8a4C72E9857d7d1 |
| LOCKED_POSITION_TOKEN_6 | 0xb06Cc4548FebfF3D66a680F9c516381c79bC9707 |
| LOCKED_POSITION_TOKEN_7 | 0x3A744A6b57984eb62AeB36eB6501d268372cF8bb |
| LOCKED_POSITION_TOKEN_8 | 0xf68b95b7e851170c0e5123a3249dD1Ca46215085 |
| LOCKED_POSITION_TOKEN_9 | 0xBB5cA732fAfEd8870F9C0e8406Ad707939c912E1 |
| LOCKED_POSITION_TOKEN_10 | 0xd15fbf48c6dDdADC9Ef0693B060d80aF51cC26d5 |
| LOCKED_POSITION_TOKEN_11 | 0xed030a37Ec6EB308A416Dc64dD4b649A2BBE4FCd |
| LOCKED_POSITION_TOKEN_12 | 0x3D360aB96B942c1251Ab061178F731eFEbc2d644 |
| LOCKED_POSITION_TOKEN_13 | 0xbd3f9814eB946E617f1d774A6762cDbec0bf087A |
| UNWINDING_MODULE | 0x7092A43aE5407666C78dBEA657a1891f42b3dFcc |
| LOCKING_CONTROLLER | 0x1d95cC100D6Cd9C7BbDbD7Cb328d99b3D6037fF7 |
| ACCOUNTING | 0x7A5C5dbA4fbD0e1e1A2eCDBe752fAe55f6E842B3 |
| YIELD_SHARING | 0x9e8b926A0EB276eB380fb8282eA20c2A2faea967 |
| ORACLE_IUSD | 0x8ABc952f91dB6695E765744ae340BC5eA4B344c1 |
| ORACLE_USDC | 0x64b32f8198a4c89B1F10de7470Ff281513e2e8f5 |
| ALLOCATION_VOTING | 0x49FA678BB8B2F5F8089493a6f93e1bb8500FF853 |
| MINT_CONTROLLER | 0x49877d937B9a00d50557bdC3D87287b5c3a4C256 |
| REDEEM_CONTROLLER | 0xCb1747E89a43DEdcF4A2b831a0D94859EFeC7601 |
| AFTER_MINT_HOOK | 0xa5E274E6c2AbBd30E3A94e1A2dF7e6F5944797a8 |
| BEFORE_REDEEM_HOOK | 0x4b2bFe49829dE3632449928507452EE667f61395 |
| GATEWAY_IMPLEMENTATION_V1 | 0x7954D563cbD9ee121a77805BCe5fe3c44F296D33 |
| GATEWAY_PROXY | 0x3f04b65Ddbd87f9CE0A2e7Eb24d80e7fb87625b5 |
| EMERGENCY_WITHDRAWAL | 0xa406aFC7967C63C5c454AD1f0e0dB9a761fe26e9 |
| MINOR_ROLES_MANAGER | 0xa08Bf802dCecd3c44E6420a52d5158867366be9b |
| ORACLE_USDE | 0x51Fc27C676C25C388735a51b760d64fE0acFf758 |
| ORACLE_SUSD | 0xefE74995689f850123f67C73d61C64B03a7Dce17 |
| ORACLE_USDO | 0x2630bbF66fc421E42DfffD370994fE1938D05083 |
| FARM_AAVEV3 | 0xbFd5FC8DecA3C6128bfCE0FE46c25616811c3580 |
| FARM_MORPHO_SMOKEHOUSE | 0x05b9E728e93D090Aa896B96D96Ad215b6Ca97e93 |
| FARM_MORPHO_GAUNTLETCORE | 0xF7F724fdb7562850E2b068E0a52EC79a768AB884 |
| FARM_MORPHO_GAUNTLETFRONTIER | 0x1D2ED96Cd1F9f89668978B8cf52B5F2E4eED9F5C |
| FARM_EULER_GAUNTLETYIELD | 0xBAfdc42C84Da2A79C5e72F25F610D84452e8d527 |
| FARM_EULER_GAUNTLETPRIME | 0x082dE04C51d3d5332AF2d046923496B05cE00BB3 |
| FARM_FLUID | 0x1484d6C834Ac99B9E50B17e57F85C8603F65657A |
| FARM_COWSWAP_SUSDE | 0x08ce17d83b3BEbb1C43A55a054d656ecBEbAffA7 |
| FARM_PENDLEV2_SUSDE_20250731 | 0xCfdD5c03D640e4ecEF25f32C12411f71B976A4F5 |
| FARM_PENDLEV2_USDE_20250731 | 0xc39fb0D8597adDB96Ab599eCA23a1556De17Bfe3 |
| FARM_PENDLEV2_USDO_20250619 | 0xCCD2D84b9Ecec546Eacb7fb3e17f74Ac86B33728 |
| FARM_PENDLEV2_EUSDE_20250814 | 0xE611D7DF6f6988cFCe36030061764c686E6f725C |
| FARM_PENDLEV2_SYRUPUSDC_20250821 | 0x7BA3Bc4E47F9c44847Caf58bA2e3957D984995A5 |
| LPT_CURVE_ORACLE_V1 | 0x56af923033cbe7F6b83AEb9cBD7621076Fb26647 |
Out of scope
Out-of-Scope Targets:
- Contracts listed in addresses.1.json that are deployed by third parties, like ERC20_USDC, ROUTER_PENDLE, … InfiniFi’s deployer address is 0xdecaDAc8778D088A30eE811b8Cc4eE72cED9Bf22 and all our contracts are verified on Etherscan
- api.infinifi.xyz
- Issues described in previous audit reports (Spearbit, Certora, Cantina), reports are available on our documentation website.
Default Out of Scope:
- Issues found in previous security reviews,
- Third-party contracts not under direct project control,
- Issues with non-standard ERC20 tokens (unless explicitly supported by the project),
- Rounding errors with no significant impact,
- User errors requiring obviously incorrect parameter inputs,
- Vulnerabilities that only manifest during extreme market conditions,
- Incorrect data from third-party oracles
- Note: Oracle manipulation and flash loan attacks are still in scope
- Theoretical exploits without practical proof-of-concept,
- Issues requiring access to leaked keys or credentials,
- Issues arising from Sybil attacks
- Centralization risks
- Basic economic and governance attacks (such as 51% attacks)
- Protocol design choices
- Gas optimization issues and high gas costs
- Best practice suggestions
- Submissions generated using ChatGPT or other LLM tools