Bug bounty scope gap on highest-TVL contracts
Axelar Network's assessment for RD-F-183 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Immunefi program covers 22 assets in scope across 18 chains. The highest-TVL contracts - AxelarGateway Ethereum proxy (~$51.6M) and ITS proxy - are the primary bridge surface and appear within scope. No explicit exclusion of core gateway contracts identified. $500k max payout (green threshold). The bounty scope excludes issues already in public GitHub issues (reasonable exclusion, not a scope gap). The 2024 validator deregistration bug was paid $50k, confirming whitehats can receive bounties for gateway-impacting issues.
Sources
- Axelar Immunefi Program - Scope and Payout. Immunefi Axelar bounty: 22 in-scope assets, $500k max, 18 chains, no exclusion of core gateway. Retrieved 2026-05-17.
- Axelar $50k Bounty Payment 2024. 2024 validator deregistration $50k bounty paid - confirms core-impacting issues in scope. Retrieved 2026-05-17.
Methodology
Determine whether the highest-TVL contracts of this protocol (especially shared primitives: OFT adapters, ZK verifiers, bridge inbox) are explicitly excluded from the protocol's active bug bounty scope.