Bug bounty scope gap on highest-TVL contracts

Midas's assessment for RD-F-183 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Active bug bounty via Sherlock + Cantina since 2026-03-24, $500K max payout. LinkedIn announcement confirms scope: 'all mToken contracts, access control, deposit vaults, redemption vaults, data feeds, Layer Zero OFT, Axelar vault.' Highest-TVL contracts (mTBILL token, mBASIS token, DepositVault, RedemptionVault) are explicitly in scope. No known high-TVL contract exclusions identified. Cantina program page requires authentication but scope alignment confirmed via the LinkedIn announcement which references full contract suite coverage.

Sources #

URL
Midas Bug Bounty LinkedIn AnnouncementLinkedIn bug bounty announcement — full contract suite scoperetrieved 2026-05-16
URL
Midas Bug Bounty on SherlockSherlock bug bounty page, max $500K, live since May 2026retrieved 2026-05-16

Methodology #

Determine whether the highest-TVL contracts of this protocol (especially shared primitives: OFT adapters, ZK verifiers, bridge inbox) are explicitly excluded from the protocol's active bug bounty scope.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol midas factor RD-F-183 score green collected_at 2026-05-16 09:34:55