Security of the platform is our highest priority. All contract code and balances are publicly verifiable, and security researchers are eligible for a bug bounty for reporting undiscovered vulnerabilities.

Audit

Open Zeppelin has performed an audit on the oval-contracts repository. The audit can be viewed here.

Bug Bounty Program

Bugs in Oval are eligible for up to $1,000,000 in bounty. Please report bugs to bugs@umaproject.org.

For more information about bug bounty eligibility, please see the UMA bug bounty page.