Scope:

https://github.com/hedgey-finance

Forwarder contracts path
ERC721Delegate/ERC721Delegate.sol
LockupPlans/TokenLockupPlans.sol
LockupPlans/VotingTokenLockupPlans.sol
LockupPlans/NonTransferable/TokenLockupPlans_Bound.sol
Periphery/BatchPlanner.sol
VestingPlans/TokenVestingPlans.sol
VestingPlans/VotingTokenVestingPlans.sol
libraries/TimelockLibrary.sol
libraries/TransferHelper.sol
sharedContracts/LockupStorage.sol
sharedContracts/PlanDelegator.sol
sharedContracts/URIAdmin.sol
sharedContracts/VestingStorage.sol
sharedContracts/VotingVault.sol

Vesting Locks
ERC721Delegate/ERC721Delegate.sol
ERC721Delegate/PlanDelegator.sol
libraries/TransferHelper.sol
libraries/UnlockLibrary.sol
periphery/BatchCreator.sol
periphery/VotingVault.sol
TokenVestingLock.sol

Delegated Token claims
DelegatedClaimCampaigns.sol
libraries/TransferHelper.sol

Rules and Requirements:

• Any testing with mainnet or public testnet contracts; all testing should be done on private testnets
• Any testing with pricing oracles or third party smart contracts
• Attempting phishing or other social engineering attacks against our employees and/or customers
• Any testing with third party systems and applications (e.g. browser extensions) as well as websites (e.g. SSO providers, advertising networks)
• Any denial of service attacks
• Automated testing of services that generates significant amounts of traffic
• Public disclosure of an unpatched vulnerability in an embargoed bounty Disclosure Policy & Guidelines
• As this is a private program, please do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization
• No vulnerability disclosure, including partial, is allowed for the moment.
• Please do NOT publish/discuss bugs