There is nothing more important for an Oracle protocol than security. This is why we designed Chronicle as a decentralized protocol, ensuring no single actor has the power to maliciously manipulate the network.
It’s also why we have commissioned some of the best and most professional auditing bodies in the industry to test it: Chain Security, Spearbit, and ABDK have performed multiple audits on every element of Chronicle Protocol, particularly Scribe, our new and groundbreaking blockchain Oracle design.
However, our commitment to decentralization goes beyond infra. There is power in the decentralization of security auditing too, which is why we have commissioned an ongoing bug bounty with Cantina.
Discoveries will be rewarded
There is no end date for this bug bounty, and the smart contracts in scope are related to our new and novel Oracle architecture, Scribe.
Discoveries with high impact or high likelihood severity will be rewarded up to $50,000 USD, and discoveries with medium likelihood or medium impact severity will be rewarded up to $30,000 USD and $10,000 USD.
Welcome @ChronicleLabs to the Cantina 🪐
— Cantina 🪐 (@cantinaxyz) May 1, 2024
Chronicle Labs will be conducting a bug bounty with a total pot size of $50,000 USD.
Start hunting researchers,
Bounty link below! pic.twitter.com/9rYqN4zpH1
Of particular interest to us are discoveries around:
- Unauthorized auth access
- Unauthorized addition or removal of validator (also known as a feed)
- Being able to report a malicious price update
- Constructing a non-challengeable, invalid opPoke
- No "special" evm assumptions, i.e. evm fragmentation is a big issue and we want Scribe to be deployable on L2s, etc without adjustments
Dive into the details and join the bug bounty via the Cantina page here:
