IOP | Term Structure Institutional

Code Freeze Assurance

Code of the assets in scope is frozen while the program is live.

Duplicate submissions of bugs are valid. Duplicate submissions of Insights are invalid.

The project commits to keeping private all info related to bug findings until this program is over. This means the project will not leak info about any bug findings or planned bug fixes, including bug findings found independently by the project or from concurrent private audits.

Insight Reporting

Insight reports may be reported to this program and do not require a PoC. Insights are rewarded according to Immunefi’s Standardized Competition Reward Terms.

Asset Accuracy Assurance

Bugs found on assets incorrectly listed in-scope are valid.

Private Known Issues Reward Policy

Private known issues, meaning known issues that were not publicly disclosed, are valid for a reward.

Eligibility Criteria

Security researchers who wish to participate must adhere to the rules of engagement set forth in this program and cannot be:

• On OFACs SDN list
• Official contributor, both past or present
• Employees and/or individuals closely associated with the project
• Security auditors that directly or indirectly participated in the audit review

Dispute Resolution

If there is any dispute over bug reports between projects and security researchers, Immunefi has final say on validity and severity based on the terms of this program.

Responsible Publication Policy

Immunefi will publish bug reports, earnings, and a leaderboard for this Invite Only Program. Security Researchers may publish their bug reports as well, but only after Immunefi has published the valid bug reports as part of the competition results.