Authors: Skylock.xyz
This proposal outlines Alchemix Governance’s adoption of the SEAL (Security Alliance) Whitehat Safe Harbor Agreement (“Safe Harbor Agreement”). By adopting Safe Harbor, Alchemix improves the security of its on-chain assets by allowing whitehats to intervene during active exploits to save protocol funds.
The Safe Harbor Agreement addresses a critical need in crypto: enabling whitehats to intervene during active exploits when traditional responsible disclosure procedures are not feasible.
Key aspects of the agreement include:
Authorized Whitehat Intervention During Active Exploits: Safe Harbor allows whitehats to intervene only during live, critical exploits where standard disclosure wouldn't prevent fund loss. They're required to follow strict operational guidelines and return all recovered funds to a designated protocol address within 72 hours. This ensures rapid fund recovery and minimizes risk to the protocol.
Legal Protection and Incentives for Whitehats: By limiting legal liability and offering capped bounties for successful rescues, Safe Harbor encourages whitehats to act swiftly and responsibly during emergencies, protecting the protocol while operating within a secure legal framework.
Alchemix is committed to enhancing its security and protecting user funds during critical moments. While security audits and other preventive measures are crucial, the unpredictable nature of exploits requires a swift, decisive response mechanism to minimize potential damage.
The Safe Harbor Agreement empowers whitehats to act immediately during an active exploit, providing a proactive and structured recovery process. By enabling whitehats to step in and recover assets during a crisis, Alchemix strengthens its defenses against emerging threats.
Benefits of adopting the Safe Harbor Agreement include:
Rapid, Structured Exploit Response: Safe Harbor enables whitehats to act immediately during active exploits with a clear, predefined process for fund recovery. This minimizes damage, eliminates confusion during crises, and accelerates asset protection.
Fair Incentives and Industry Alignment: A capped bounty system ensures transparent, conflict-free rewards for whitehats, separating exploit intervention from routine disclosures. By adopting this framework, Alchemix reinforces its commitment to industry-standard security practices.
Adoption of the agreement complements audits by providing an additional layer of security, ensuring that the protocol is better prepared to respond to active threats.
Alchemix will adopt the agreement with the following parameters. For a full description of these adoption details, review the Safe Harbor for Protocols document.
| Chain | Address |
| Ethereum | 0x9e2b6378ee8ad2a4a95fe481d63caba8fb0ebbf9 |
| Arbitrum | 0x7e108711771dfdb10743f016d46d75a9379ca043 |
| Base | 0x24e9cbb9ddda1247ae4b4eeee3c569a2190ac401 |
| Optimism | 0xc224bf25dcc99236f00843c7d8c4194abe8aa94a |
| Metis | 0x0f5c3a8b62ff7639895bb9737c5befb711c4f7f4 |
| Linea | 0x16a63fcd874f7f9e267a1f274c46677d5f3fcc65 |
| Fraxtal | 0x41ab74824b4d1b196eeb62569b907ef9a313df18 |
| Chain | Name | Address | Type (None, Existing Only, All) |
| Ethereum | alETH Alchemist | 0x062Bf725dC4cDF947aa79Ca2aaCCD4F385b13b5c | Existing Only |
| Ethereum | alUSD Alchemist | 0x5C6374a2ac4EBC38DeA0Fc1F8716e5Ea1AdD94dd | Existing Only |
| Ethereum | ETH Transmuter | 0x03323143a5f0D0679026C2a9fB6b0391e4D64811 | Existing Only |
| Ethereum | ETH Buffer | 0xbc2FB245594a68c927C930FBE2d00680A8C90B9e | Existing Only |
| Ethereum | DAI Transmuter | 0xA840C73a004026710471F727252a9a2800a5197F | Existing Only |
| Ethereum | Transmuter Buffer | 0x1EEd2DbeB9fc23Ab483F447F38F289cA15f79Bac | Existing Only |
| Ethereum | USDC Transmuter | 0x49930AD9eBbbc0EB120CCF1a318c3aE5Bb24Df55 | Existing Only |
| Ethereum | USDT Transmuter | 0xfC30820ba6d045b95D13a5B8dF4fB0E6B5bdF5b9 | Existing Only |
| Ethereum | FRAX Transmuter | 0xE107Fa35D775C77924926C0292a9ec1FC14262b2 | Existing Only |
| Ethereum | alETH AMO | 0x9fb54d1F6F506Feb4c65B721bE931e59BB538c63 | Existing Only |
| Ethereum | alUSD AMO | 0x06378717d86B8cd2DBa58c87383dA1EDA92d3495 | Existing Only |
| Arbitrum | alETH Alchemist | 0x654e16a0b161b150F5d1C8a5ba6E7A7B7760703A | Existing Only |
| Arbitrum | alUSD Alchemist | 0xb46eE2E4165F629b4aBCE04B7Eb4237f951AC66F | Existing Only |
| Arbitrum | alETH Transmuter | 0x1EB7D78d7f6D73e5de67Fa62Fd8b55c54Aa9c0D4 | Existing Only |
| Arbitrum | alUSD Transmuter | 0xe7ec71B894583E9C1b07873fA86A7e81f3940eA8 | Existing Only |
| Arbitrum | alETH Buffer | 0xECAd08EE07f1AA87f3E080997eBa6d02d28bb9D2 | Existing Only |
| Arbitrum | alUSD Buffer | 0x00E33722ba54545667E76a18CE9D544130eEAbcC | Existing Only |
| Optimism | alETH Alchemist | 0xe04Bb5B4de60FA2fBa69a93adE13A8B3B569d5B4 | Existing Only |
| Optimism | alUSD Alchemist | 0x10294d57A419C8eb78C648372c5bAA27fD1484af | Existing Only |
| Optimism | alETH Transmuter | 0xb7C4250f83289ff3Ea9f21f01AAd0b02fb19491a | Existing Only |
| Optimism | USDC Transmuter | 0xA7ea9ef9E2b5e15971040230F5d6b75C68Aab723 | Existing Only |
| Optimism | USDT Transmuter | 0x4e7d2115E4FeEcD802c96E77B8e03D98104415fa | Existing Only |
| Optimism | DAI Transmuter | 0xFCD619923456E20EAe298B35E3606277b391BBB4 | Existing Only |
| Optimism | alETH Buffer | 0x7f50923EE8E2BC3596a63998495baf2948a28f68 | Existing Only |
| Optimism | alUSD Buffer | 0xe99a9A717c60F9639B235ede422c27d60FBEB3b9 | Existing Only |
“Existing Only”: The Safe Harbor Agreement will only cover the subcontracts currently deployed under this contract.
Contact Details: Designated security contact for Alchemix
Name: Ov3rkoalafied
Contact Information: Telegram: @Ov3rkoalafied
Bounty Terms: Predetermined rewards for successful whitehats that protect protocol funds
Bounty Percentage: 10% of recovered funds.
Bounty Cap (USD): $300k
Retainable: True
Identity Verification: Anonymous
Diligence Requirements: None
Register Agreement On-Chain:
0x8f72fcf695523a6fc7dd97eafdd7a083c386b7b6, including all adoptionDetails. This ensures transparency and immutability.Communicate Adoption:
Future Updates to Scope:
Adopting the SEAL Whitehat Safe Harbor Agreement equips Alchemix with a rapid response mechanism for active exploits, enabling whitehats to step in effectively when needed most. The agreement provides clear guidelines for action, increasing the protection of user funds and demonstrating Alchemix’s commitment to proactive security.
SEAL Whitehat Safe Harbor Agreement: GitHub Repository
Alchemix Bug Bounty: Alchemix’s Bug Bounty