Meld Protocol
Solidity
MELD is a non-custodial DeFi protocol that bridges the gap between traditional finance and decentralized finance, offering secure and efficient cross-chain lending, borrowing, and staking services.
End date:
KYC:
Required
NO
Range of bounty
$1000 - $8,000
Severity
Critical
$1,000 - $8,000
High
$1,000 - $8,000
Medium
NA
Low
NA

Smart Contracts:

misc/MeldProtocolDataProvider.sol
configuration/AddressesProvider.sol
yield-boost/YieldBoostStorage.sol
yield-boost/YieldBoostStaking.sol
yield-boost/YieldBoostFactory.sol
oracles/lending-rate/LendingRateOracleAggregator.sol
oracles/lending-rate/MeldLendingRateOracle.sol
oracles/price/PriceOracleAggregator.sol
oracles/price/MeldPriceOracle.sol
oracles/price/SupraOracleAdapter.sol
libraries/configuration/UserConfiguration.sol
libraries/configuration/ReserveConfiguration.sol
libraries/yield-boost/YieldBoostRewardsLibrary.sol
libraries/types/DataTypes.sol
libraries/logic/GenericLogic.sol
libraries/logic/YieldBoostLogic.sol
libraries/logic/ReserveLogic.sol
libraries/logic/DepositLogic.sol
libraries/logic/LiquidationLogic.sol
libraries/logic/RepayLogic.sol
libraries/logic/ValidationLogic.sol
libraries/logic/FlashLoanLogic.sol
libraries/logic/WithdrawLogic.sol
libraries/logic/BorrowLogic.sol
libraries/math/MathUtils.sol
libraries/math/PercentageMath.sol
libraries/math/WadRayMath.sol
libraries/helpers/Errors.sol
libraries/helpers/Helpers.sol
tokenization/nft/MeldBankerNFT.sol
tokenization/nft/MeldBankerNFTMetadata.sol
tokenization/nft/MeldBankerNFTMinter.sol
tokenization/IncentivizedERC20.sol
tokenization/VariableDebtToken.sol
tokenization/StableDebtToken.sol
tokenization/base/DebtTokenBase.sol
tokenization/MToken.sol
lending/LendingPool.sol
lending/LendingPoolConfigurator.sol
lending/DefaultReserveInterestRateStrategy.sol
base/FlashLoanReceiverBase.sol
base/LendingBase.sol

Rules and Requirements:

  • Any testing with mainnet or public testnet contracts; all testing should be done on private testnets
  • Any testing with pricing oracles or third party smart contracts
  • Attempting phishing or other social engineering attacks against our employees and/or customers
  • Any testing with third party systems and applications (e.g. browser extensions) as well as websites (e.g. SSO providers, advertising networks)
  • Any denial of service attacks
  • Automated testing of services that generates significant amounts of traffic
  • Public disclosure of an unpatched vulnerability in an embargoed bounty Disclosure Policy & Guidelines
  • As this is a private program, please do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization
  • No vulnerability disclosure, including partial, is allowed for the moment.
  • Please do NOT publish/discuss bugs