The Loopscale protocol has been independently audited by top security firms, and we continue to invest time and resources to third-party security audits to mitigate risks associated with smart contracts.Documentation Index
Fetch the complete documentation index at: https://docs.loopscale.com/llms.txt
Use this file to discover all available pages before exploring further.
Date | Scope | Firm | Report |
|---|---|---|---|
| March 27, 2026 | BEAM Periphery: Oracle Integrations | Adevar Labs | Link |
| March 18, 2026 | BEAM (Oracle Adapter) | Adevar Labs | Link |
| December 18, 2025 | Loopscale Periphery: Tokenized Vault LPs | Adevar Labs | Link |
| November 5, 2025 | Loopscale Periphery: Token2022 Transfer Hook Support | Adevar Labs | Link |
| July 31, 2025 | Loopscale Periphery: Asset Integrations, Collateral Rollover, Borrow Caps | Adevar Labs | Link |
| July 11, 2025 | Loopscale Periphery: Asset Integration | Highland Security | Link |
| May 19, 2025 | Loopscale V1 | sec3 | Private |
| February 25, 2025 | Loopscale V1 | OShield | Private |
Bug Bounty Program
Loopscale offers a bug bounty program with rewards of up to $250,000. The goal of the program is to encourage security researchers to identify and responsibly disclose security vulnerabilities that may affect the Loopscale protocol. To report a bug, please read the information and instructions below.Scope
The program covers the following:- Core Loopscale program libraries
- Economic mechanisms, including liquidations
- Collateral pricing and oracle integrations
- Internal API endpoints and supporting backend services/infrastructure
Rewards
The rewards below are the maximum USD rewards for vulnerabilities dependent on their severity and origin.| Severity | Program | Application & Services |
|---|---|---|
| Critical | $250,000 | $50,000 |
| High | $100,000 | $10,000 |
| Medium | $10,000 | $5,000 |
| Low | $2,500 | $500 |
Eligibility Requirements
To qualify for a reward under this program, you must:- Identify a previously unknown, unreported vulnerability within the scope described above.
- Provide sufficient description of the vulnerability such that our team can replicate and resolve the vulnerability.
- Report the vulnerability privately without exploiting the vulnerability, including publicizing or otherwise profiting from the vulnerability.
- Not be subject to OFAC sanctions or reside in a country under OFAC embargo.
- Not be a current or former employee, vendor, or contractor involved in the development of code related to the reported vulnerability.
Out-of-Scope
The following vulnerabilities or issues are explicitly out-of-scope and will not qualify for rewards:- Previously reported or publicly known vulnerabilities
- Issues documented clearly in code comments, READMEs, or official documentation
- Findings from prior audits or identified in non-production branches
- Third-party service integration failures or misconfigurations
- Configuration errors by Vault Curators
- SPL token compatibility edge cases without direct security impact
- Email deliverability issues, including those caused by incorrect DKIM, SPF, or DMARC configurations
- Clickjacking or other UI redress attacks that do not result in direct theft, locking, or loss of funds
- Basic economic or governance-based attacks (e.g., 51% attacks)
- Attacks involving phishing or social engineering techniques
- Reports of secrets, API keys, or credentials publicly available without proof of active exploitation
- Best practice recommendations and feature requests
- Issues strictly related to test files, scripts, or testing configurations
- Subdomain takeovers, SSL/TLS certificate issues, and open redirect vulnerabilities without direct security impact
How to Submit
Send your report to security@loopscale.com and include:- A clear description of the vulnerability
- Steps to reproduce the issue (screenshots or PoC encouraged)
- Affected components or programs