Smart Contracts:

misc/MeldProtocolDataProvider.sol
configuration/AddressesProvider.sol
yield-boost/YieldBoostStorage.sol
yield-boost/YieldBoostStaking.sol
yield-boost/YieldBoostFactory.sol
oracles/lending-rate/LendingRateOracleAggregator.sol
oracles/lending-rate/MeldLendingRateOracle.sol
oracles/price/PriceOracleAggregator.sol
oracles/price/MeldPriceOracle.sol
oracles/price/SupraOracleAdapter.sol
libraries/configuration/UserConfiguration.sol
libraries/configuration/ReserveConfiguration.sol
libraries/yield-boost/YieldBoostRewardsLibrary.sol
libraries/types/DataTypes.sol
libraries/logic/GenericLogic.sol
libraries/logic/YieldBoostLogic.sol
libraries/logic/ReserveLogic.sol
libraries/logic/DepositLogic.sol
libraries/logic/LiquidationLogic.sol
libraries/logic/RepayLogic.sol
libraries/logic/ValidationLogic.sol
libraries/logic/FlashLoanLogic.sol
libraries/logic/WithdrawLogic.sol
libraries/logic/BorrowLogic.sol
libraries/math/MathUtils.sol
libraries/math/PercentageMath.sol
libraries/math/WadRayMath.sol
libraries/helpers/Errors.sol
libraries/helpers/Helpers.sol
tokenization/nft/MeldBankerNFT.sol
tokenization/nft/MeldBankerNFTMetadata.sol
tokenization/nft/MeldBankerNFTMinter.sol
tokenization/IncentivizedERC20.sol
tokenization/VariableDebtToken.sol
tokenization/StableDebtToken.sol
tokenization/base/DebtTokenBase.sol
tokenization/MToken.sol
lending/LendingPool.sol
lending/LendingPoolConfigurator.sol
lending/DefaultReserveInterestRateStrategy.sol
base/FlashLoanReceiverBase.sol
base/LendingBase.sol

Rules and Requirements:

• Any testing with mainnet or public testnet contracts; all testing should be done on private testnets
• Any testing with pricing oracles or third party smart contracts
• Attempting phishing or other social engineering attacks against our employees and/or customers
• Any testing with third party systems and applications (e.g. browser extensions) as well as websites (e.g. SSO providers, advertising networks)
• Any denial of service attacks
• Automated testing of services that generates significant amounts of traffic
• Public disclosure of an unpatched vulnerability in an embargoed bounty Disclosure Policy & Guidelines
• As this is a private program, please do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization
• No vulnerability disclosure, including partial, is allowed for the moment.
• Please do NOT publish/discuss bugs