Bug bounty scope gap on highest-TVL contracts

Polymarket's assessment for RD-F-183 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cantina $5M bounty covers 18 contracts including V1/V2 exchange, NegRisk, pUSD, UMA adapter. The ConditionalTokens contract (Gnosis CTF, 0x4D97DCd9...) bounty coverage status in the Cantina program is uncertain — it is a Gnosis-deployed contract, not a Polymarket-deployed contract. The legacy Immunefi program explicitly listed ConditionalTokens as in-scope, but transition to Cantina program's exact scope for this contract is unverified. Possible gap during transition period.

Sources #

URL
Polymarket Immunefi Bug Bounty (legacy)Immunefi legacy program: ConditionalTokens, CTFExchange, FeeModule, NegRiskAdapter, NegRiskCtfExchange in scoperetrieved 2026-04-29
URL
Polymarket Cantina Bug Bounty ScopeCantina bounty: 18 contracts in scope — ConditionalTokens status uncertainretrieved 2026-04-29

Methodology #

Determine whether the highest-TVL contracts of this protocol (especially shared primitives: OFT adapters, ZK verifiers, bridge inbox) are explicitly excluded from the protocol's active bug bounty scope.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol polymarket factor RD-F-183 score yellow collected_at 2026-04-29 16:25:39