From eaa7858000d9a61fd52b001ad20d6047f0b32eaa Mon Sep 17 00:00:00 2001 From: isabelle Date: Thu, 20 Jun 2024 12:08:58 -0400 Subject: [PATCH 1/3] security nit --- .../en/technology/security/audits-and-bug-bounty.mdx | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx b/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx index 6f6d5d28b..00c1c8425 100644 --- a/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx +++ b/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx @@ -17,6 +17,12 @@ Aside from rigorous testing, an internal security team, and comprehensive code r exception. We encourage users to use the protocol with caution and at their own risk. +### Scope + +The scope of the bug bounty program covers the blockchain infrastructure and the smart contracts for bridging and rollup. For a detailed breakdown of bug categories, please refer to the bug bounty page. + +Besides the listed scopes in the bug bounty program, we also encourage reporting any vulnerabilities identified to Immunefi, which we will still consider for rewards. For any discoveries of critical vulnerabilities outside of the scope of the bug bounty program, please also send reports to security@scroll.io. + ## Independent Audits Scroll has worked with several industry-leading security audit firms to review our codebase, with critical code receiving reviews from multiple teams, including [Trail of Bits](https://www.trailofbits.com/), [OpenZeppelin](https://www.openzeppelin.com/), [Zellic](https://www.zellic.io/), and [KALOS](https://www.kalos.xyz/). 
@@ -73,9 +79,3 @@ Rewards depend on the severity of reported vulnerabilities: - **Critical**: up to \$1,000,000 - **High**: \$10,000 - \$50,000 - **Medium**: \$5,000 - -### Scope - -The scope of the bug bounty program covers the blockchain infrastructure and the smart contracts for bridging and rollup. For a detailed breakdown of bug categories, please refer to the bug bounty page. - -Besides the listed scopes in the bug bounty program, we also encourage reporting any vulnerabilities identified to Immunefi, which we will still consider for rewards. For any discoveries of critical vulnerabilities outside of the scope of the bug bounty program, please also send reports to security@scroll.io. From 403edeccb7fb670723ed3d6345f034fc5a1347c0 Mon Sep 17 00:00:00 2001 From: isabelle Date: Thu, 20 Jun 2024 15:43:13 -0400 Subject: [PATCH 2/3] move contact info into highlight --- .../security/audits-and-bug-bounty.mdx | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx b/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx index 00c1c8425..6dcb3174c 100644 --- a/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx +++ b/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx @@ -8,6 +8,10 @@ permalink: "technology/security/audits-and-bug-bounty" import Aside from "../../../../../components/Aside.astro" + + Scroll treats security as a top priority. Aside from rigorous testing, an internal security team, and comprehensive code reviews, we have also engaged with multiple security audit firms to conduct audits on our codebase. We have also launched a bug bounty program to encourage the community to participate in the security of our protocol. 
@@ -17,12 +21,6 @@ Aside from rigorous testing, an internal security team, and comprehensive code r exception. We encourage users to use the protocol with caution and at their own risk. -### Scope - -The scope of the bug bounty program covers the blockchain infrastructure and the smart contracts for bridging and rollup. For a detailed breakdown of bug categories, please refer to the bug bounty page. - -Besides the listed scopes in the bug bounty program, we also encourage reporting any vulnerabilities identified to Immunefi, which we will still consider for rewards. For any discoveries of critical vulnerabilities outside of the scope of the bug bounty program, please also send reports to security@scroll.io. - ## Independent Audits Scroll has worked with several industry-leading security audit firms to review our codebase, with critical code receiving reviews from multiple teams, including [Trail of Bits](https://www.trailofbits.com/), [OpenZeppelin](https://www.openzeppelin.com/), [Zellic](https://www.zellic.io/), and [KALOS](https://www.kalos.xyz/). @@ -79,3 +77,9 @@ Rewards depend on the severity of reported vulnerabilities: - **Critical**: up to \$1,000,000 - **High**: \$10,000 - \$50,000 - **Medium**: \$5,000 + +### Scope + +The scope of the bug bounty program covers the blockchain infrastructure and the smart contracts for bridging and rollup. For a detailed breakdown of bug categories, please refer to the bug bounty page. + +Besides the listed scopes in the bug bounty program, we also encourage reporting any vulnerabilities identified to Immunefi, which we will still consider for rewards. From 2055873281cf291f9cb5495720ae24ce4f21dbed Mon Sep 17 00:00:00 2001 From: isabelle Date: Thu, 20 Jun 2024 15:45:42 -0400 Subject: [PATCH 3/3] change Aside type --- .../docs/en/technology/security/audits-and-bug-bounty.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx b/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx index 6dcb3174c..c6a5482dc 100644 --- a/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx +++ b/src/content/docs/en/technology/security/audits-and-bug-bounty.mdx @@ -8,7 +8,7 @@ permalink: "technology/security/audits-and-bug-bounty" import Aside from "../../../../../components/Aside.astro" -
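Review bot: In [PATCH 1/3], the hunk at `@@ -17,6 +17,12 @@` places `### Scope` directly above `## Independent Audits`, so a third-level heading now follows the introductory text with no second-level bug bounty heading above it, and the scope is separated from the reward tiers it qualifies. Either keep Scope inside the bug bounty section or promote the heading to match its new position. The sentence "please refer to the bug bounty page" also carries no link in the moved text; since this is where researchers are told how to report, add the link so they are not left to search for the program page.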
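Review bot: In [PATCH 2/3], the hunk at `@@ -77,3 +77,9 @@` re-adds the Scope section without its final sentence, "For any discoveries of critical vulnerabilities outside of the scope of the bug bounty program, please also send reports to security@scroll.io." The subject says the contact info moves into the highlight, but the added lines at `@@ -8,6 +8,10 @@` show no content as rendered here, so please confirm that the highlight carries both the address and the condition it applies to (critical findings outside the program scope); otherwise the out-of-scope reporting channel is lost from the page. This patch also moves Scope back to where it was before 1/3, so the two could be squashed into a single change that only relocates the contact sentence.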
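Review bot: [PATCH 3/3] is a one-line change at `@@ -8,7 +8,7 @@`, the same location as the block introduced in 2/3, and the subject "change Aside type" does not say which type is chosen or why. Fold it into 2/3 so the highlight lands in its final form, and name the type in the commit message, since the type decides how prominently the security contact is displayed.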