Skip to content

Bug Bounty

🔒 Security & Responsible Disclosure

Moosh welcomes responsible security research during the testnet phase.

We are particularly interested in reports related to issues that may affect protocol correctness, accounting integrity, or risk enforcement, including:

  • Incorrect supply or borrow balance accounting
  • Inconsistent or unexpected interest accrual behavior
  • Deviations in liquidation triggers or execution paths
  • Risk parameter enforcement failures or bypass scenarios
  • Deployment or configuration issues that impact system correctness

Out of Scope

The following reports are considered out of scope during the testnet phase:

  • UI or visual defects
  • Expected instability caused by testnet resets, pauses, or redeployments
  • Limitations explicitly documented as part of the testnet environment

Reporting Process

Potential security issues should be reported privately to the core team through official channels.

Please do not publicly disclose vulnerabilities before coordinated disclosure with the Moosh team.