# Bug Bounty

## Bug Bounty Program

The bug bounty program is hosted on [Immunefi](https://immunefi.com/bug-bounty/enzyme-onyx).

All submissions must follow Immunefi and program rules.

## Out-of-scope

In addition to Immunefi scope rules, the following are considered out-of-scope:

* everything noted in this document set (e.g., [Risks and Limitations](https://docs.enzyme.finance/onyx-protocol/security/risks-and-limitations))
* everything noted in [audit reports](https://github.com/enzymefinance/protocol-onyx/tree/main/audits)
* everything noted in QA reports [link forthcoming]
* user error, i.e., inadequate inputs or config, lack of understanding of the mechanism, etc. (see below)
* unrealistic fund state (see below)

### Examples of out-of-scope "user error"

Onyx is designed for flexibility of different setups and administrative needs. The `admin` role is often tasked with ensuring fairness, avoidance of denial-of-service (DoS) and similar ill effects, executing steps in order, and otherwise following manual processes to achieve desired results (e.g., [Suggested Subscription Rounds](https://docs.enzyme.finance/onyx-protocol/general-flows/suggested-subscription-rounds)).

#### Example: deposit and redeem handler DoS due to request cancelations

Some deposit and redeem handlers (e.g., `ERC7540LikeDepositQueue` and `ERC7540LikeRedeemQueue`) use a `minRequestDuration`, where a request is cancelable after `minRequestDuration` has elapsed.

As long as `minRequestDuration` is always set adequately (i.e., greater than the maximum time between batches), there will never be a cancelation DoS opportunity.

#### Example: deposit and redeem handler DoS due to small amounts that round to 0 shares

`admin` has full control to omit requests with amounts that are considered too small.

#### Example: share price staleness/fairness/etc during deposit or redemption

`admin` has full control over the price at which deposits and redemptions are executed, and it must be part of their process to validate that the currently-set share price is adequate for any action according to their needs.

#### Example: failure to initialize contract

Contracts are always expected to be properly initialized, and all proxies are always deployed with their init data bundled into the same call.

### Examples of "unrealistic fund state"

Onyx vaults are assumed to operate within common-sense constraints for how managed funds work.

Closely related to [Examples of out-of-scope "user error"](#examples-of-out-of-scope-user-error).

#### Example: more debt than assets

A reasonable managed fund cannot take on more debt than assets such that `share value <= 0`.

#### Example: shares totalSupply > 0 when share value == 0

At the point where a fund truly loses all assets (e.g., a hack, or a violent value depreciation that rounds to 0) and shares have no value, a fund would shut down rather than, e.g., accept new depositors who are immediately diluted by the existing shares totalSupply.
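The conditions in the "user error" and "unrealistic fund state" examples above are all things an `admin` can check before acting. The following is an added example of such operator-side pre-flight checks; it is not Onyx contract code, and every name in it (`QueueConfig`, `cancelation_window`, `shares_for_deposit`, `filter_dust_requests`, `is_realistic_fund_state`) is hypothetical. It also assumes a generic ERC4626-style floor conversion `assets * totalSupply / totalAssets` for share minting, which is an assumption about the mechanism, not a statement about the handlers named above.

```python
"""Constructed operator-side checks for the out-of-scope conditions above.
Hypothetical names and a generic ERC4626-style conversion; not Onyx code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class QueueConfig:
    min_request_duration: int  # seconds until a pending request becomes cancelable
    max_batch_interval: int    # longest gap the admin allows between batch executions


def cancelation_window(cfg: QueueConfig) -> int:
    """Seconds during which a request may become cancelable before the admin's
    next batch. 0 means requests are always executed before they can be canceled."""
    return max(0, cfg.max_batch_interval - cfg.min_request_duration)


def is_cancelation_safe(cfg: QueueConfig) -> bool:
    """The page's rule: minRequestDuration must be strictly greater than the
    maximum time between batches (equality leaves a same-block window)."""
    return cfg.min_request_duration > cfg.max_batch_interval


def shares_for_deposit(assets: int, total_shares: int, total_assets: int) -> int:
    """Assumed ERC4626-style floor conversion with on-chain style integer math.
    Bootstrap (no shares yet) is assumed 1:1."""
    if total_shares == 0:
        return assets
    return assets * total_shares // total_assets


def filter_dust_requests(requests, total_shares: int, total_assets: int):
    """Split pending deposit requests into (kept, omitted). A request whose
    amount rounds to 0 shares is omitted, as the admin is expected to do."""
    kept, omitted = [], []
    for requester, amount in requests:
        shares = shares_for_deposit(amount, total_shares, total_assets)
        if shares == 0:
            omitted.append(requester)
        else:
            kept.append((requester, amount, shares))
    return kept, omitted


def is_realistic_fund_state(total_assets: int, total_debt: int, total_shares: int) -> bool:
    """Rejects both unrealistic states named above: share value <= 0 because
    debt exceeds assets, and totalSupply > 0 while share value == 0."""
    if total_shares == 0:
        return True  # an empty fund has no share value to be unfair about
    return total_assets - total_debt > 0


if __name__ == "__main__":
    cfg = QueueConfig(min_request_duration=3600, max_batch_interval=43200)  # constructed
    print("cancelation window (s):", cancelation_window(cfg), "safe:", is_cancelation_safe(cfg))
    kept, omitted = filter_dust_requests([("alice", 10_000), ("bob", 1)], 1_000, 2_000_000)
    print("kept:", kept, "omitted:", omitted)
    print("realistic:", is_realistic_fund_state(1_000, 1_200, 500))
```

Running the constructed inputs shows a one-hour `minRequestDuration` against a twelve-hour batch interval leaves an eleven-hour window, a one-unit deposit into a 1,000-share / 2,000,000-asset fund rounds to zero shares and is omitted, and a fund with 1,200 of debt against 1,000 of assets is flagged as an unrealistic state.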
