Instruction: MMM is an open source and secure AMM protocol on Solana. It enables the multi-pool (buy-side, sell-side, two-side) feature, and the extendable allowlist of the pool assets.
**In scope assets:**
* The most current tagged release of our production protocol are bounty eligible:
* https://github.com/coralcube-oss/mmm/releases/latest
**Explicitly:** This covers vulnerabilities for programs under (programs/mmm)
**Exclusions:**
* Phishing or any user interaction style of attacks
* Any attack that requires a user to interact with contract from an attacker controlled website
* Dependency issues with supporting tooling. This bounty scope focuses on the smart contracts.
* Versions in active development or collaboration and not yet deployed to production or released are exempt (In scope assets are those included under the most recent release)
* Chain specific vulnerabilities are excluded, e.g. EVM or Solana runtime issues.
* Mocks or assets under "mocks/"
Integrity requirements: high
Max severity: critical
Asset identifier: Magic Eden Open Source - Open Creator Protocol
Asset type: SOURCE_CODE
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: **In scope assets:**
* The most current tagged release of our production smart contracts are bounty eligible:
* https://github.com/magiceden-oss/open_creator_protocol/releases/latest
* Eligible assets located within [programs/open_creator_protocol ](https://github.com/magiceden-oss/open_creator_protocol/tree/main/programs/open_creator_protocol )
**Explicitly:** This covers vulnerabilities that are purely executed on chain against the in scope contracts (mainnet only).
**Exclusions:**
* Phishing or any user interaction style of attacks
* Any attack that requires a user to interact with contract from an attacker controlled website
* Dependency issues with supporting tooling. This bounty scope focuses on the smart contracts.
* Contracts in active development or collaboration and not yet deployed to production or mainnet are exempt (In scope assets are those included under the most recent release)
* Chain specific vulnerabilities are excluded, e.g. EVM or Solana runtime issues.
* Mocks or assets under "mocks/"
Integrity requirements: high
Max severity: critical
Asset identifier: Magic Eden Open Source - Smart Contracts
Asset type: SOURCE_CODE
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction: **In scope assets:**
* The most current tagged release of our production smart contracts are bounty eligible:
* https://github.com/magiceden-oss/erc721m/releases/latest
* Smart contracts (*.sol) are located within the [erc721m/contracts](https://github.com/magiceden-oss/erc721m/tree/main/contracts) directory
**Explicitly:** This covers vulnerabilities that are purely executed on chain against the in scope contracts (mainnet only).
**Exclusions:**
* Phishing or any user interaction style of attacks
* Any attack that requires a user to interact with contract from an attacker controlled website
* Dependency issues with supporting tooling. This bounty scope focuses on the smart contracts.
* Contracts in active development or collaboration and not yet deployed to production or mainnet are exempt (In scope assets are those included under the most recent release)
* Chain specific vulnerabilities are excluded, e.g. EVM or Solana runtime issues.
* Mocks or assets under "mocks/"
Integrity requirements: high
Max severity: critical
Asset identifier: coralcube.io
Asset type: URL
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty: true
Eligible for submissions: true
Instruction:
Integrity requirements: high
Max severity: critical
Asset identifier: eng.magiceden.dev
Asset type: URL
Availability requirement: none
Confidentiality requirement: none
Eligible for bounty:
Eligible for submissions: true
Instruction: This is a blog operated and managed by a third party vendor Hashnode.
Integrity requirements: none
Max severity: none
Asset identifier: eng.magiceden.io
Asset type: URL
Availability requirement: none
Confidentiality requirement: none
Eligible for bounty:
Eligible for submissions: true
Instruction: This is a blog operated and managed by a third party vendor Hashnode.
