infinifi-protocol
@infinifiLive
Maximum reward
$100,000
Severity | Max. Reward |
---|---|
Critical | $100,000 |
High | $15,000 |
Findings submitted
22
Start date
8 Jun 2025
In scope
Severity | Min and Max Reward |
---|---|
Critical | Up to $100,000 |
High | Up to $15,000 |
If you discover a vulnerability in any component that is not explicitly listed but poses a risk to user funds, user data, or system integrity, you may submit it for consideration. Our team will review such submissions on a case-by-case basis.
Asset | Description |
---|---|
https://infinifi.xyz/ | |
http://app.infinifi.xyz/ | |
Out of scope
Out-of-Scope Targets:
- Contracts listed in addresses.1.json that are deployed by third parties, like ERC20_USDC, ROUTER_PENDLE, … InfiniFi’s deployer address is 0xdecaDAc8778D088A30eE811b8Cc4eE72cED9Bf22 and all our contracts are verified on Etherscan.
- api.infinifi.xyz
- Issues described in previous audit reports (Spearbit, Certora, Cantina); the reports are available on our documentation website.
Default Out of Scope:
- Issues found in previous security reviews
- Third-party contracts not under direct project control
- Issues with non-standard ERC20 tokens (unless explicitly supported by the project)
- Rounding errors with no significant impact
- User errors requiring obviously incorrect parameter inputs
- Vulnerabilities that only manifest during extreme market conditions
- Incorrect data from third-party oracles
  - Note: Oracle manipulation and flash loan attacks are still in scope
- Theoretical exploits without practical proof-of-concept
- Issues requiring access to leaked keys or credentials
- Issues arising from Sybil attacks
- Centralization risks
- Basic economic and governance attacks (such as 51% attacks)
- Protocol design choices
- Gas optimization issues and high gas costs
- Best practice suggestions
- Submissions generated using ChatGPT or other LLM tools