Coinbase

Coinbase

@coinbase
Live

Maximum reward

$5,000,000

Severity

Max. Reward

Critical

$5,000,000

High

$500,000

Medium

$50,000

Low

$5,000

Findings submitted

78

Start date

8 Jul 2025

KYC

Required to join

Please sign in as a researcher to join the bounty.

Log in
InstructionsScope

In scope

Tier 0Tier 1

Severity

Min and Max Reward

Critical

Up to $500,000

High

Up to $50,000

Medium

Up to $5,000

Low

Up to $500

Informational

Up to $0

Tier 1 encapsulates everything that is not in Tier 0. In other words, Tier 1 has mainnet contracts associated with all products not in Tier 0 that are deployed by Coinbase. Below, we provide a list of contracts in this tier, which is not meant to be exhaustive.

Base AppChains

AssetChainDescriptionContracts
DeployChainBasePreinstall deployment factory for creating chains.
Manages chain initialization with precompiled contracts.		0xe8c6D9460Ce61D260260d27f30bde8b8d1a8341e
SuperchainConfigBaseConfiguration contract for Superchain deployments.
Controls global superchain settings and parameters.		0xc5b0B126fFD9D36084af85359a07Fb798A405aDc

Basenames

AssetChainDescriptionContracts
OpenEdition721MintBaseERC721 NFT minting contract for open edition collections.
Enables unlimited minting of digital collectibles.		0x75D2eA122cC20B6e661775Ac18ffF0B4547B9fe6
EARegistrarControllerBaseENS domain registration controller for Early Access users.
Handles discounted domain registrations for qualifying addresses.		0xd3e6775Ed9B7dC12B205C8E608Dc3767B9e5eFdA
L2ResolverBaseENS resolver for Base usernames with CCIP-read support.
Manages name resolution and record storage for .base.eth domains.		0xC6d566A56A1aFf6508b41f6c90ff131615583BCD
RegistrarControllerBaseMain domain registration and renewal controller.
Handles pricing, discounts, and domain lifecycle management.		0x4cCb0BB02FCABA27e82a56646E81d8c5bC4119a5
CB1DiscountValidatorBaseValidates eligibility for CB1 holder discounts.
Checks ownership of Coinbase One NFTs for domain registration discounts.		0x9de4Ab12320684cec803Edb72aA3a920250d392C
BaseETHDiscountValidatorBaseValidates ETH-based discount eligibility on Base.
Checks ETH balance thresholds for domain registration discounts.		0x55564490a44FDC2aEEa54B60eB1c79F124FD88b9
CBIdDiscountValidatorBaseValidates Coinbase ID verification for discounts.
Checks verified Coinbase account status for domain pricing benefits.		0x0A484e560946818787135EAD632771589523dE82
VADiscountValidatorBaseValidates early access discount eligibility.
Manages whitelist-based domain registration discounts for qualifying users.		0x012076854d030128dc72B34621287Bb585210315
BNSDiscountValidatorBaseValidates eligibility for Basename NFT holder discounts.
Checks ownership of early Basename NFTs for registration benefits.		0x20b433c640DFb8c2e3C6aBB0533314b2d7B9f2FF
OCSNFTDiscountValidatorBaseValidates discounts for OnChain Summer NFT holders.
Checks ownership of qualifying OnChain Summer NFTs for domain discounts.		0x55246A2AE466257B2fB54d4BB881Fb3f17D8e03e
EAExponentialPremiumPriceOracleBaseEarly Access pricing oracle with exponential premium decay.
Implements launch pricing with time-based premium reduction.		0x46114792Cc08Baf79006f25Ec9eE23AC64e119ca
ExponentialPremiumPriceOracleBaseStandard pricing oracle with exponential premium decay.
Calculates domain prices with time-based premium reduction after expiry.		0x508CFE43aa84b8048cB6d39037cE0dc96d8aDc75
BaseRegistrarBaseCore domain registration and ownership management contract.
ERC721-based registrar for .base.eth domain ownership and transfers.		0x03c4738Ee98aE44591e1A4A4F3CaB6641d95DD9a
EaMerkleDiscountValidatorBaseEarly Access merkle proof discount validator.
Validates whitelist eligibility using merkle tree proofs for domain discounts.		0x6E89d99643DB1223697C77A9F8B2Cb07E898e743
ReverseRegistrarBaseManages reverse ENS lookups for addresses.
Allows setting primary names for addresses for reverse resolution.		0x79EA96012eEa67A83431F1701B3dFf7e37F9E282
DevfolioDiscountValidatorBaseValidates discounts for Devfolio platform users.
Checks eligibility for developer-focused domain registration discounts.		0xB635802085b405A9C8BA7225ae866f60b63d8503
LaunchAuctionPriceOracleBaseAuction-based pricing oracle for launch phase.
Implements Dutch auction pricing for premium domain name launches.		0xd53B558e1F07289acedf028d226974AbBa258312
RegistryBaseCore ENS registry for .base.eth domains.
Central registry managing domain ownership and resolver assignments.		0xB94704422c2a1E396835A571837Aa5AE53285a95
L1ResolverEthereumLayer 1 ENS resolver for cross-chain resolution.
Handles ENS resolution queries on Ethereum for Base domains.		0xde9049636F4a1dfE0a64d1bFe3155C0A14C54F31
L1ResolverEthereumLayer 1 ENS resolver for cross-chain resolution.
Handles ENS resolution queries on Ethereum for Base domains.		0x480F8F2FfE823Dc70F499Cc2542C42a3a6aD3f20

Coinbase Attestations

AssetChainDescriptionContracts
EASBaseEthereum Attestation Service for creating on-chain attestations.
Enables verifiable claims and credentials infrastructure.		0x4200000000000000000000000000000000000021
SchemaRegistryBaseRegistry for managing attestation schemas and templates.
Defines structure for different types of attestations.		0x4200000000000000000000000000000000000020
CoinbaseIndexerBaseCoinbase indexing service for attestation data aggregation.
Provides efficient querying and discovery of attestations.		0x2c7eE1E5f416dfF40054c27A62f7B357C4E8619C
CoinbaseAttesterBaseOfficial Coinbase attestation authority and issuer.
Creates and validates Coinbase-backed attestations.		0x357458739F90461b99789350868CD7CF330Dd7EE
CoinbaseResolverBaseResolver for processing and validating Coinbase attestations.
Handles attestation verification and resolution logic.		0xD867CbEd445c37b0F95Cc956fe6B539BdEf7F32f

Coinbase Smart Wallet infrastructure

AssetChainDescriptionContracts
CoinbaseSmartWalletValidatorEthereumValidator contract for Coinbase Smart Wallet transactions.
Provides signature verification and security validation.		0x79A33f950b90C7d07E66950daedf868BD0cDcF96
Optimism0x79A33f950b90C7d07E66950daedf868BD0cDcF96
Arbitrum0x79A33f950b90C7d07E66950daedf868BD0cDcF96
Base0x79A33f950b90C7d07E66950daedf868BD0cDcF96
DefaultReceiverEthereumDefault fallback receiver for smart wallet transactions.
Handles ETH and token transfers when no specific handler exists.		0x2a8010A9D71D2a5AEA19D040F8b4797789A194a9
Base0x2a8010A9D71D2a5AEA19D040F8b4797789A194a9
Arbitrum0x2a8010A9D71D2a5AEA19D040F8b4797789A194a9
Optimism0x2a8010A9D71D2a5AEA19D040F8b4797789A194a9
MagicSpendBaseERC-4337 paymaster contract with gasless transaction support.
Enables sponsored transactions and flexible payment methods.		0x736b661a643B57F11d131CB3Ae6129C22ea02843
Base0xe1D39a19Af4319eBA972fd70A5280CA0aE7cA0AC
Base0xF7F64baDcbf64A1DbcAE29C223BE1387F8a301A0
Base0x485B2544745786FA2dD95B8C239f6CB3a63D198d
Base0xa5b50A9ed69811aFA07151b3B98b8F6B58C5c28A
Base0x325A4Af669032B6b1296C3084f8070D04F9AD581
Base0xd27D5277215754dc84C8e0736D8fef2Ed39d92F3
Base0x53899E2B6C6202C5Eb4F229DA1294F17A0C3876e
Base0x7d334106dAa009Ef62CBd34C1624Bee2277bA735
Base0xfb1A43620c648A43eEE7bc112db5F2498e619DC5
Base0x1d3F02EF7D6881C5018863d740c026639aC7fa41
Base0xbd25CE451C24554f53D984b8C64B7A0aBC5FDbB5
Base0x5c77CF220dFA3dBBB052D9b4934E61d69cb393a5
TokenFactoryBaseFactory contract for creating and deploying new tokens.
Simplifies token creation with standard templates.		0x0000C479718a45e3D80b9A71C17b2E954CfA1515
SmartWalletFactoryBaseFactory contract for deploying Coinbase Smart Wallets.
Handles wallet creation and initialization logic.		0x0BA5ED0c6AA8c49038F819E587E2633c4A9F428a
VerifyingPaymaster V7BaseLatest version of verifying paymaster with enhanced security.
Validates transactions before sponsoring gas fees.		0x2FAEB0760D4230Ef2aC21496Bb4F0b47D634FD4c
VerifyingPaymaster V6BasePrevious version of verifying paymaster for compatibility.
Legacy gas sponsorship with basic verification.		0xa270ef92c1E11f1C1f95753C2E56801e8125fA83

Coinbase's validator staking infrastructure

AssetChainDescriptionContracts
BatchDepositEthereumBatch staking deposit contract for efficiency.
Allows multiple validator deposits in single transaction.		0x8eBda19DdEE719DAB78DEf3e22c3d37970e35217

Commerce Payments

AssetChainDescriptionContracts
AuthCaptureEscrowBaseAuthorized payment capture and escrow management.
Securely holds payments pending authorization.		0xBdEA0D1bcC5966192B070Fdf62aB4EF5b4420cff
ERC3009PaymentCollectorBaseERC-3009 compliant payment collection contract.
Handles gasless payments using transferWithAuthorization.		0x0E3dF9510de65469C4518D7843919c0b8C7A7757
Permit2PaymentCollectorBaseUniswap Permit2 compatible payment collector.
Enables gasless token transfers with signature-based permits.		0x992476B9Ee81d52a5BdA0622C333938D0Af0aB26
PreApprovalPaymentCollectorBasePre-approved payment collection contract.
Collects payments from pre-authorized token allowances.		0x1b77ABd71FCD21fbe2398AE821Aa27D1E6B94bC6
SpendPermissionPaymentCollectorBaseSpend permission-based payment collector.
Manages payments through spend permission authorization.		0x8d9F34934dc9619e5DC3Df27D0A40b4A744E7eAa
OperatorRefundCollectorBaseOperator refund collection and processing contract.
Handles automated refunds for failed payment operations.		0x934907bffd0901b6A21e398B9C53A4A38F02fa5d

DEX Aggregator

AssetChainDescriptionContracts
ZeroExProxyEthereum0x Protocol proxy contract for DEX aggregation.
Routes trades through multiple decentralized exchanges.		0x564d6e3A879c007183fAd17beD9A70630F090651
ZeroExProxyBase0x Protocol proxy contract for DEX aggregation.
Routes trades through multiple decentralized exchanges.		0x29ef818a2A9d182Fa9A9D27d61881a239fa03E4B

EIP-7702

AssetChainDescriptionContracts
EIP7702ProxyEthereumEIP-7702 account abstraction proxy implementation.
Enables externally owned accounts to delegate to smart contracts.		0x7702cb554e6bFb442cb743A7dF23154544a7176C
Arbitrum0x7702cb554e6bFb442cb743A7dF23154544a7176C
NonceTrackerEthereumNonce tracking for EIP-7702 implementations.
Manages transaction nonces for account abstraction.		0xD0Ff13c28679FDd75Bc09c0a430a0089bf8b95a8
Optimism0xD0Ff13c28679FDd75Bc09c0a430a0089bf8b95a8
Base0xD0Ff13c28679FDd75Bc09c0a430a0089bf8b95a8
Arbitrum0xD0Ff13c28679FDd75Bc09c0a430a0089bf8b95a8

Spend Permissions

AssetChainDescriptionContracts
SpendPermissionManagerEthereumManages spending permissions for delegated transfers.
Enables secure authorization of spending limits and approvals.		0xf85210B21cC50302F477BA56686d2019dC9b67Ad
PublicERC6492ValidatorEthereumERC-6492 signature validation for smart contract wallets.
Validates signatures for undeployed contracts and counterfactual addresses.		0xcfCE48B757601F3f351CB6f434CB0517aEEE293D
SpendPermissionManagerBaseManages spending permissions for delegated transfers.
Enables secure authorization of spending limits and approvals.		0xf85210B21cC50302F477BA56686d2019dC9b67Ad
PublicERC6492ValidatorBaseERC-6492 signature validation for smart contract wallets.
Validates signatures for undeployed contracts and counterfactual addresses.		0xcfCE48B757601F3f351CB6f434CB0517aEEE293D
SpendPermissionManagerOptimismManages spending permissions for delegated transfers.
Enables secure authorization of spending limits and approvals.		0xf85210B21cC50302F477BA56686d2019dC9b67Ad
PublicERC6492ValidatorOptimismERC-6492 signature validation for smart contract wallets.
Validates signatures for undeployed contracts and counterfactual addresses.		0xcfCE48B757601F3f351CB6f434CB0517aEEE293D
SpendPermissionManagerArbitrumManages spending permissions for delegated transfers.
Enables secure authorization of spending limits and approvals.		0xf85210B21cC50302F477BA56686d2019dC9b67Ad
PublicERC6492ValidatorArbitrumERC-6492 signature validation for smart contract wallets.
Validates signatures for undeployed contracts and counterfactual addresses.		0xcfCE48B757601F3f351CB6f434CB0517aEEE293D
SpendPermissionManagerPolygonManages spending permissions for delegated transfers.
Enables secure authorization of spending limits and approvals.		0xf85210B21cC50302F477BA56686d2019dC9b67Ad
PublicERC6492ValidatorPolygonERC-6492 signature validation for smart contract wallets.
Validates signatures for undeployed contracts and counterfactual addresses.		0xcfCE48B757601F3f351CB6f434CB0517aEEE293D

Verified Pools

AssetChainDescriptionContracts
SignatureCheckerBaseSignature verification for pool operations.
Validates signatures for authorized pool interactions.		0x2D04d1743BaB35B13841A466788479c591E01381
VerifiedPoolsBasicHookBaseBasic hook implementation for verified pools.
Provides customizable pool behavior and validation logic.		0x5cd525c621AFCa515Bf58631D4733fbA7B72Aae4
VerifiedPoolsPositionManagerBasePosition management for verified liquidity pools.
Handles liquidity positions and fee collection for verified pools.		0x043ac8DBd2F0e932800210260f207806650C6145
VerifiedPoolsPositionDescriptorBaseNFT descriptor for verified pool positions.
Generates metadata and visuals for liquidity position NFTs.		0x0705717527934a1E10e5328A0B92462c8eB1A28F
RemoveLiquidityPolicyBasePolicy contract for liquidity removal operations.
Enforces rules and restrictions for withdrawing liquidity.		0x071fF6D93895c8E6537C572a6D40CF47c36aBed7
BasicPolicyBaseBasic policy implementation for pool operations.
Defines standard rules for verified pool interactions.		0xcC7fE2Cf5B79F3EFaBF42caC8E223813242E1454

Wrapped Token (ADA)

AssetChainDescriptionContracts
coinbase wrapped ada Mint ForwarderBaseMint forwarder for Coinbase wrapped Cardano (cbADA).
Manages cross-chain minting and burning of wrapped ADA tokens.		0x8c44C6a9ee7e64a65F288714d1Bb8043Cf0f3C5C
coinbase wrapped adaBaseCoinbase wrapped Cardano token (cbADA).
ERC20 representation of ADA bridged to Base network.		0xcbADA732173e39521CDBE8bf59a6Dc85A9fc7b8c

Wrapped Token (DOGE)

AssetChainDescriptionContracts
coinbase wrapped doge Mint ForwarderBaseMint forwarder for Coinbase wrapped Dogecoin (cbDOGE).
Manages cross-chain minting and burning of wrapped DOGE tokens.		0x0549899a89e661044f9E7a1B76A157d407D85163
coinbase wrapped dogeBaseCoinbase wrapped Dogecoin token (cbDOGE).
ERC20 representation of DOGE bridged to Base network.		0xcbD06E5A2B0C65597161de254AA074E489dEb510

Wrapped Token (LTC)

AssetChainDescriptionContracts
coinbase wrapped ltc Mint ForwarderBaseMint forwarder for Coinbase wrapped Litecoin (cbLTC).
Manages cross-chain minting and burning of wrapped LTC tokens.		0x423077A24c3019E3A291bE2D29a34A4D97AA2DeD
coinbase wrapped ltcBaseCoinbase wrapped Litecoin token (cbLTC).
ERC20 representation of LTC bridged to Base network.		0xcb17C9Db87B595717C857a08468793f5bAb6445F

Wrapped Token (XRP)

AssetChainDescriptionContracts
coinbase wrapped xrp Mint ForwarderBaseMint forwarder for Coinbase wrapped XRP (cbXRP).
Manages cross-chain minting and burning of wrapped XRP tokens.		0x2ebDCFaCCB0c3B6039Dd8C7c30bF633ACE8c268C
coinbase wrapped xrpBaseCoinbase wrapped XRP token (cbXRP).
ERC20 representation of XRP bridged to Base network.		0xcb585250f852C6c6bf90434AB21A00f02833a4af

Wrapped Tokens

AssetChainDescriptionContracts
TokenFactoryBaseFactory contract for deploying wrapped token contracts.
Creates standardized ERC20 tokens for cross-chain asset bridging.		0x0000D340e876e1De249CcA0FD91d91aE612741E8
Base0x00003f0f758054D91430AFC79b8666fbA06ccB2c
Base0x0000955334545d3c2bdECE50C7F3877054F4dCF7
Base0x000036624A21E2047D28449989A943c64b5210d0
Base0x00005721895c940fe1066B147358cE6d31A31378
Base0x0000B216f5011f882604D2cFa295A83d77025727
Base0x0000DfcD0263aC062b3fC7A17aBd1f0407f389A6
Ethereum0x00000000001c3dC9A681A014e2732bF1419aFAec
Base0x00000000001c3dC9A681A014e2732bF1419aFAec
MintForwarderFactoryBaseFactory for deploying mint forwarder contracts.
Creates proxy contracts that manage minting permissions and operations.		0x000054fCEAB4632B9c8B7fd20cE9790352426716
Base0x0000FF0b7Fdf0449c0761356680c0516fD76c0f5
Base0x0000F4E1b81A88A7b1732a4A5FdfaA4999F45075
Base0x00001962896d81F18Bca192a2Bc90f85b5478698
Base0x0000Bfaa45AA7352D7A5b151D34f4EFc096E9Cf6
Base0x0000Efa3D0485d3E0B6A48adE0d61a59451f648f
Base0x00002027199E51Ce5648E56F0F003759e3D7b16e
Base0x0000c1c5F00bD1843b6c1703eA1F457a2Bb5c457
Ethereum0x0000000000E552550beC95A36217A91CeBA099b0
Base0x0000000000E552550beC95A36217A91CeBA099b0
BatchBlacklisterBaseBatch blacklisting of addresses on FiatToken contracts.
Efficiently blacklists multiple addresses in a single transaction.		0x20F25adf31BD5Ed53367293C6926bF1AdfC7Ea54
Base0x76D62719c6A7766c8478B46f995E99AD4675d86a
Base0x17165086067fc58a04CB8E9dA5B6917B6f23f109
Base0xA9A4408db72F168c5b0bf413b369824450517126
Base0x4d5b3aca5968f7075F023d2A7AA830358C3c2b48
Base0xE3111D45733Efee14bFB1EbE2364D929eDBd9059
Base0xadab385DFD0bB2c21E292c5F586471a2878A101e
Base0x0C8B7E98b39aA7983D2444661805a628E8A041DB
Base0xF903f3A8B30a7b645e76DB8511b4121cc96160EB
Ethereum0xF903f3A8B30a7b645e76DB8511b4121cc96160EB
BatchBlacklisterV2BaseEnhanced batch blacklisting with additional features.
Improved version with optimized gas usage and extended functionality.		0xa0BF66C54002cEb15aB6E8423EebB994E8b2f7FE
Ethereum0xE34Fd8e02815125aB0947434e42978a8A4e70906
Arbitrum0x63d7212C0503b04BdC2BCCe90fe26800859F2f81
MintFactoryFreeBaseFree tier factory for token minting operations.
No-fee deployment option for basic mintable token contracts.		0x5da05215acA9eDBE27CBDCE86888986E4b4c996F
MintFactoryBaseFactory contract for deploying mintable token contracts.
Manages creation and configuration of custom ERC20 tokens with minting capabilities.		0x20e26eD291B85A44A6Eb9b0D336512b53fd93092
Base0x560aa3207ae4b516A5489E04f2Fa2e2808CEa896
MintFactoryCreatorBaseMeta-factory for creating MintFactory instances.
Deploys and manages multiple mint factory contracts with custom configurations.		0xAeb73b6C8ed3776EA6b9284082588c55E35e1b27
Base0x52d443855E4d15dc47d323fA94e7d92342d3Eb57

Liqufi

AssetChainDescriptionContracts
WeightedTokenVestingLockupEthereumToken vesting contract with weighted release schedules.
Supports time-based and milestone-based unlocking.		0xb7486B5bd2d14714950B082EafebE9822a1d96eE
Arbitrum0xaa861940DD2ED2fE4a3108E51f7f117bb6798E65
Avalanche0xB487A8739AA114178C5aA5608eF1D2fc26D17A9e
Base0x2A06274c976C4db9CbaF702B559E0B5765D07b0d
Polygon0x9efea6f63d583624E5a459D680D3A27Adf6C570d
Optimism0x16879Ca809e8CA2783d89C2Ee830671A8C348230
WeightedTokenVestingLockupFactoryEthereumFactory contract for deploying WeightedTokenVestingLockup instances.
Streamlines creation of new vesting schedules.		0x341251e680fB0FD4f47aD4dC1AD61C3bE5142d0e
Arbitrum0xD42eA6a51ec16c0Cb581695343F9F3d652d98945
Avalanche0x5bFd3bDFf68346909d352757055e98f2654a3c10
Base0x08c1820bA6A0B88eB1f3E3eC7C9B8cf85E63C6FC
Polygon0xc7284314593e952717b6a0b78766887b37fb1720
Optimism0x85F2A6BB58E52c9189fD8748790C5059508FBDc1
WeightedVestingModuleEthereumModular vesting component with customizable weight parameters.
Enables complex vesting logic integration.		0xc76B81D835A6Ef88fb9b841C22Ed492473577aC3
Arbitrum0xF3D74Bc4E97aD56DDcB0576629c360fB40A871e2
BNB Smart Chain0x3065aa025a27B42B98E43a5fF7B3965c0174D1bD
Avalanche0xD85d9Cd1E453AeE54e448Cef4941F0718922a672
Base0xcc93eb838F061A375A37d0d65E8D68f15e9D07E5
Polygon0x595db8eCa8d64f28A57D5F240204FDc8AdbCb8c7
Optimism0x848E9743b6D0aC5614f6427d94fEd295Fe393b6d
VestingModuleRegistryEthereumCentral registry for managing and discovering vesting modules.
Enables governance and upgrade capabilities.		0x782F402C93E9b0d931197cD727e006356B55699d
Arbitrum0x6A46c2411e6FD9205D44b82C5B32B2Db7C150263
BNB Smart Chain0x208F9c3Ca561977ee49AB84E2243c1531a265bd1
Avalanche0xE57499B85448582a0bFd486283a0a023581D2778
Base0x674A3Ab5d2be0dA09bF1662E1f9827bdDA3d103F
Polygon0x00F849ca595cFa7CeCd052E77e9d152618333E8E
Optimism0xC34c1643c4C2488315Dc709FCB5ABc6b4E3dE6C7
BatchPaymentsEthereumEfficient batch payment processor for multiple recipients.
Reduces gas costs for bulk token distributions.		0x39C4B71D53Db0B6B647fe5013608eeA292db4A73
Arbitrum0x39C4B71D53Db0B6B647fe5013608eeA292db4A73
BNB Smart Chain0x39C4B71D53Db0B6B647fe5013608eeA292db4A73
Avalanche0x39C4B71D53Db0B6B647fe5013608eeA292db4A73
Base0x834297cAF503d9455395A62336e653FCf2234962
Polygon0x39C4B71D53Db0B6B647fe5013608eeA292db4A73
Optimism0x39C4B71D53Db0B6B647fe5013608eeA292db4A73
WeightedTokenVesting (v1)BNB Smart ChainLegacy v1 token vesting contract with basic functionality.
Superseded by newer lockup versions.		0x674A3Ab5d2be0dA09bF1662E1f9827bdDA3d103F
WeightedTokenVestingFactory (v1)BNB Smart ChainLegacy v1 factory for creating basic vesting contracts.
Superseded by newer factory versions.		0x834297cAF503d9455395A62336e653FCf2234962

Out of scope

Out of scope targets

The following types of contracts will not be in scope:

  • Contracts deployed on testnets and devnets
  • Contracts deployed on mainnet for testing purposes
  • Contracts deployed on mainnet for internal use
  • Third-party dependencies of any of our contracts
  • Third-party contracts that may be used by Coinbase to provide certain services

Default out of scope

  • Issues found in previous security reviews
  • Third-party contracts not under direct project control
  • Issues with non-standard ERC20 tokens (unless explicitly supported by the project)
  • Rounding errors with no significant impact
  • User errors requiring obviously incorrect parameter inputs
  • Vulnerabilities that only manifest during extreme market conditions
  • Incorrect data from third-party oracles
    • Note: Oracle manipulation and flash loan attacks are still in scope
  • Theoretical exploits without practical proof-of-concept
  • Issues requiring access to leaked keys or credentials
  • Issues arising from Sybil attacks
  • Centralization risks
  • Basic economic and governance attacks (such as 51% attacks)
  • Protocol design choices
  • Gas optimization issues and high gas costs
  • Best practice suggestions
  • Submissions generated using ChatGPT or other LLM tools