Oasis Protocol Foundation

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.testnet.oasiscloud.io URL critical
Domains
github.com/oasislabs/bsaes.js URL critical
Libraries
github.com/oasislabs/deoxysii URL critical
Libraries
github.com/oasislabs/deoxysii-rust URL critical
Libraries
github.com/oasislabs/ed25519 URL critical
Libraries
github.com/oasislabs/oasis-cli URL critical
Smart Contract Development Software
github.com/oasislabs/oasis-core URL critical
Blockchain Software
github.com/oasislabs/oasis-rs URL critical
Smart Contract Development Software
github.com/oasislabs/oasis-runtime URL critical
Blockchain Software
github.com/oasislabs/oasis.js URL critical
Smart Contract Development Software

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Not in Scope OTHER none
* Vulnerabilities in SGX hardware that cannot be fixed with software refactors * The Oasis Labs Website (oasislabs.com) * Oasis Labs Dashboard (dashboard.oasiscloud.io) ###Domains * *.oasiscloud.io (except *.testnet.oasiscloud.io) * *.oasislabs.com ###Deprecated Libraries * github.com/oasislabs/web3c.js * Layer 3/Layer 4 DoS attacks on testnet infrastructure * Social Engineering Attacks on Oasis Labs staff * Operational vulnerabilities related to any node operator of a testnet or the mainnet