The logic behind your wallet should be open source, as there shouldn't be anything to hide. Open source smart contracts allow everyone to inspect and improve their security. Our Starknet smart contracts are 100% open source, so everyone can inspect them and help improve the security of our code. That's why Argent is the safest wallet for Starknet.
To encourage constant security reviews, we run a bug bounty program, with rewards commensurate to the seriousness of any issue found. Currently Starknet is in Alpha. Our bug bounty reward size will grow once the ecosystem moves to production.
Here's how the bounty works…
Our two main Cairo smart contracts:
and their dependencies.
All other files in https://github.com/argentlabs/argent-contracts-starknet/blob/main/ are not part of the bug bounty program.
We of course want to know about every vulnerability, but in particular:
Anything already covered by our audits is NOT in scope.
We follow many of the bug bounty rules that the Ethereum Foundation does:
The size of the bounty will vary depending on the severity of the issue discovered. The severity is calculated according to the OWASP risk rating model based on Impact and Likelihood.
Decisions on the eligibility and size of a reward are guided by the rules above, but are, in the end, determined at the sole discretion of Argent.
In addition to severity, other variables are also considered when Argent evaluates the eligibility and size of a bounty, including (but not limited to):
Please email firstname.lastname@example.org