Bug bounty scope gap on highest-TVL contracts

Save (formerly Solend)'s assessment for RD-F-183 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Save's self-hosted bug bounty explicitly covers the token-lending smart contracts on Solana. Scope: the token-lending program code on GitHub. Max payout $1M critical. The main program and isolated pool contracts appear in scope. No explicit exclusion of any highest-TVL contract identified. Eclipse wrapper program scope is ambiguous but ~0.37% of TVL.

Sources #

Docs
Bug Bounty | Save (formerly Solend)Save bug bounty scope documentationretrieved 2026-05-17

Methodology #

Determine whether the highest-TVL contracts of this protocol (especially shared primitives: OFT adapters, ZK verifiers, bridge inbox) are explicitly excluded from the protocol's active bug bounty scope.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol save factor RD-F-183 score green collected_at 2026-05-17 15:20:15