Bug Bounties

OpenSea

Handle: opensea

Managed program: true

Name: OpenSea

Offers bounties: true

Offers swag: false

Response efficiency percentage: 93

Submission state: open

Url: https://hackerone.com/opensea

Website: http://opensea.io

In scope:

  • Asset identifier: Broken Links
  • Asset type: OTHER
  • Availability requirement: none
  • Confidentiality requirement: none
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Broken link reports are in scope only when they meet all of the following conditions:
      • They must be on OpenSea curated content, including but not limited to OpenSea's blog and Learning Center.
      • They must be able to be taken over.
      • A proof of concept is required.
    Specifically out of scope:
      • Employee personal blogs
      • All user generated content, including but not limited to creator controlled links
      • Username takeover of tagged social media accounts
  • Integrity requirements: low
  • Max severity: low
  • Asset identifier: Seadrop/Fee Collector Smart Contract
  • Asset type: OTHER
  • Availability requirement: medium
  • Confidentiality requirement: none
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: **Exclusions**:
      • Phishing or any user interaction style of attacks
      • Any attack that requires a user to interact with the contract from an attacker controlled website
    **Explicitly**: this covers vulnerabilities that are purely executed on chain against the in scope contracts.
      • Seadrop: [0x00005EA00Ac477B1030CE78506496e8C2dE24bf5](https://etherscan.io/address/0x00005EA00Ac477B1030CE78506496e8C2dE24bf5)
      • Fee Collector: [0x0000a26b00c1F0DF003000390027140000fAa719](https://etherscan.io/address/0x0000a26b00c1F0DF003000390027140000fAa719)
  • Integrity requirements: medium
  • Max severity: critical
  • Asset identifier: Seaport Smart Contract
  • Asset type: OTHER
  • Availability requirement: medium
  • Confidentiality requirement: none
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: **Exclusions**:
      • Orders and transactions initiated and validated on opensea.io are covered by the opensea.io asset
      • Phishing or any user interaction style of attacks
      • Any attack that requires a user to interact with the contract from an attacker controlled website
      • Seaport 1.2 ([0x00000000000006c7676171937C444f6BDe3D6282](https://etherscan.io/address/0x00000000000006c7676171937C444f6BDe3D6282)) and 1.3 ([0x0000000000000aD24e80fd803C6ac37206a45f15](https://etherscan.io/address/0x0000000000000aD24e80fd803C6ac37206a45f15)) are out of scope.
    **Explicitly**: this covers vulnerabilities that are purely executed on chain against the in scope contracts. See the current deployments [here](https://github.com/ProjectOpenSea/seaport#deployments). Currently the addresses are:
      • Seaport:
          • 1.1: [0x00000000006c3852cbEf3e08E8dF289169EdE581](https://etherscan.io/address/0x00000000006c3852cbEf3e08E8dF289169EdE581)
          • 1.4: [0x00000000000001ad428e4906aE43D8F9852d0dD6](https://etherscan.io/address/0x00000000000001ad428e4906aE43D8F9852d0dD6)
      • ConduitController: [0x00000000F9490004C11Cef243f5400493c00Ad63](https://etherscan.io/address/0x00000000F9490004C11Cef243f5400493c00Ad63)
      • OpenSea's Conduit: [0x1e0049783f008a0085193e00003d00cd54003c71](https://etherscan.io/address/0x1e0049783f008a0085193e00003d00cd54003c71)
  • Integrity requirements: high
  • Max severity: critical
  • Asset identifier: io.opensea
  • Asset type: GOOGLE_PLAY_APP_ID
  • Availability requirement: none
  • Confidentiality requirement: low
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This asset is the official OpenSea Android app found on the [Google Play Store](https://play.google.com/store/apps/details?id=io.opensea): io.opensea
    **Exclusions**:
      • Attacks that assume a malicious wallet app
      • Attacks that require a rooted device
      • Apps found anywhere besides the Google Play Store
  • Integrity requirements: high
  • Max severity: critical
  • Asset identifier: opensea.io
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: low
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Integrity requirements: high
  • Max severity: critical