Bug bounty scope gap on highest-TVL contracts

Circle USYC's assessment for RD-F-183 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No bug bounty program exists (F007 red). Gray per methodology: the scope-gap question (whether highest-TVL contracts are excluded from bounty scope) is moot when there is no bounty program to scope. The BSC USYC token (0x8D0fA28f221eB5735BC71d3a0Da67EE5bC821311, ~$2.86B TVL) would be the highest-TVL contract to bring into scope if a program existed.

Sources #

Internal
circle-usyc data cache00-data-cache.json bug_bounty.platform: null — no bug bounty program existsretrieved 2026-05-15

Methodology #

Determine whether the highest-TVL contracts of this protocol (especially shared primitives: OFT adapters, ZK verifiers, bridge inbox) are explicitly excluded from the protocol's active bug bounty scope.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol circle-usyc factor RD-F-183 score gray collected_at 2026-05-15 21:56:43