Program Overview

Scroll is an EVM-compatible zk-Rollup built to scale the Ethereum network. Our goal is to provide users with near instant and cost efficient transactions while also upholding the high security properties offered by the Ethereum network.

For more information about Scroll, please visit https://scroll.io/

Reward Amounts

Blockchain / DLT

• Critical: $50,000 -$1,000,000
• High: $10,000 -$50,000

The reward is dependent on the ratio between the funds at risk, which includes all affected projects on top of the respective blockchain/DLT, and the market cap according to the average between CoinMarketCap.com and CoinGecko.com, calculated at the time the bug report is submitted.

Smart Contract

• Critical: $50,000 -$1,000,000
• High: $10,000 -$50,000
• Medium: $5,000 (flat)

Rewards are distributed according to the impact the vulnerability could otherwise cause based on the Impacts in Scope table further below.

Severity Definitions

Critical Definition

• Definite and significant loss of funds without limitations of external conditions
• Definite and significant freezing of funds for >1 year without limitations of external conditions

High Definition

• Direct loss of funds without (extensive) limitations of external conditions. The loss of the affected party must be considerable.

Guidelines for Considerable Loss:

• Users lose more than 1% and more than $10 of their principal.
• Users lose more than 1% and more than $10 of their yield.
• The protocol loses more than 1% and more than $10 of the fees.

Medium Definition

• Causes a loss of funds but requires certain external conditions or specific states, or a loss is highly constrained. The loss must be relevant to the affected party.
• Breaks core contract functionality, rendering the contract useless or leading to loss of funds that are relevant to the affected party.

Guidelines for Relevant Loss:

• Users lose more than 0.01% and more than $10 of their principal.
• Users lose more than 0.01% and more than $10 of their yield.
• The protocol loses more than 0.01% and more than $10 of the fees.

Reward Calculation for Critical Level Reports

For critical Blockchain/DLT bugs, the reward is dependent on the ratio between the funds at risk, which includes all affected projects on top of the respective blockchain/DLT, and the market cap according to the average between CoinMarketCap.com and CoinGecko.com calculated at the time the bug report is submitted. However, a minimum reward of USD $50,000 is to be rewarded in order to incentivize security researchers against withholding on a bug report.

This ratio is known as the “risk ratio”, i.e.: Risk Ratio = Funds at Risk / Scroll Market Cap

The reward is then calculated linearly from 0:1 to 1:1, where 1:1 results in a reward of USD $1,000,000. In the event of where the funds at risk are greater than the market cap, the maximum reward remains as the hard cap.

For critical Smart Contract bugs, the reward amount is 10% of the funds directly affected, with a maximum reward amount of USD $1,000,000. The calculation of the amount of funds at risk is based on the time and date the bug report is submitted. However, a minimum reward of USD$50,000 is to be rewarded in order to incentivize security researchers against withholding a bug report.

Reward Calculation for High Level Reports

High smart contract vulnerabilities have a reward amount of 100% of the funds affected, subject to repeatable attacks and feasibility limitations with a maximum cap of USD $50,000.

Repeatable Attack Limitations

In cases of repeatable attacks for blockchain/DLT bugs, only the first attack is considered if the component where the vulnerability exists can be upgraded, paused, or killed. If the attack impacts a component directly holding funds that cannot be upgraded, paused, or killed, the amount of funds at risk will be calculated with the first attack being at 100% of the funds at actual risk. A reduction of 25% from the first amount of the first attack for every 1 hour the attack needs for subsequent attacks from the first attack, rounded down. For avoidance of doubt, if a second attack would happen at 2 hours and then a third at 3 hours, the additional rewards would be counted at 50% and 75% reduction of the reward from the first attack, respectively.

In cases of repeatable attacks for smart contract bugs, only the first attack is considered if the smart contracts where the vulnerability exists can be upgraded, paused, or killed. If the attack impacts a smart contract directly holding funds that cannot be upgraded or paused, the amount of funds at risk will be calculated with the first attack being at 100% of the funds that could be stolen and then a reduction of 25% from the amount of the first attack for every 300 blocks the attack needs for subsequent attacks from the first attack, rounded down. For avoidance of doubt, if a second attack would happen at 600 blocks and then a third at 900 blocks, the additional rewards would be counted at 50% and 75% reduction of the reward from the first attack, respectively.

Restrictions on Security Researcher Eligibility

Security researchers who fall under any of the following are ineligible for a reward

Current and past employees, vendors (auditors), partners and contractors are not eligible to participate in the bug bounty program

Previous Audits

Scroll has provided these completed audit review reports for reference. Any unfixed vulnerability mentioned in these reports are not eligible for a reward.

• Blockchain
  • zkTrie (Trail of Bits)
  • L2geth (Trail of Bits)
  • L2geth diff (Trail of Bits)
  • ZkEVM EIP-4844 Blob Support
• Smart Contracts

  • OpenZeppelin Phase 1

  • OpenZeppelin Phase 2

  • OpenZeppelin GasSwap, Multiple Verifier, Wrapped Ether and Diff

  • OpenZeppelin ScrollOwner and Rate Limiter

  • OpenZeppelin USDC Gateway

  • OpenZeppelin contract diff

  • OpenZeppelin Bridge Gas Optimizations

  • OpenZeppelin ZKTrie Verifier

  • OpenZeppelin EIP-4844

  • OpenZeppelin Batch Token Bridge

  • Zellic v1

  • Zellic v2

  • Scroll Lido Gateway - Zellic

  • ScrollOwner and Rate Limiter Audit

  • Scroll Euclid Upgrade Phase 1 (Trail Of Bits)

  • Scroll Euclid Upgrade Phase 2 (Trail Of Bits)

General Notes

• Sherlock’s Criteria for Issue Validity guide (used in Sherlock audit contests) can be a helpful resource for more context on out-of-scope issues, etc. but nothing in the guide should overrule the definitions above
• A coded Proof of Concept (POC) with instructions to run the POC is required
• If the protocol team has the ability to take measures (upgrade the contract, pause the contract, etc.) against an exploit, the potential damage is limited to a 1-hour exploit period before it is assumed that the protocol team takes measures to prevent further damage

Out of Scope

• Best practice recommendations.

• Problems caused by L1 Gas Pricing.

• Logic errors with rebase tokens and interest-bearing tokens.

• Attacks related to deposit and withdraw limits

• Issues that affect geth (upstream) and are not caused by changes made in the scroll implementation

• Freezing of own funds due to mistaken operation

• Throttling or suppression of operations without loss of user funds

Platform Rules

Please review the Sherlock Bug Bounty Platform Rules before submitting any vulnerability.

Additional Prohibited Activities

• Throttling or suppression of operations without loss of user funds
• Issues related to code/components already being deprecated prior to the bug bounty submission will be evaluated on a case-by-case basis.
• Issues related to JSON-RPC

Protocol Resources

• Scroll org repos
• Scroll documentation