Merge pull request #7 from cupOJoseph/content

add content

Author: cupOJoseph

docs/technical-documentation/brand-assets.md

@@ -1,88 +1,11 @@
 ---
-sidebar_position: 4
+sidebar_position: 5
 ---
 
 # Brand Assets
 
-Let's translate `docs/intro.md` to French.
+Official Nerite brand assets and usage guidelines.
 
-## Configure i18n
+All assets are available here. Everything is MIT licensed *except* for things in the cute snails folder.
 
-Modify `docusaurus.config.js` to add support for the `fr` locale:
-
-```js title="docusaurus.config.js"
-export default {
-  i18n: {
-    defaultLocale: 'en',
-    locales: ['en', 'fr'],
-  },
-};
-```
-
-## Translate a doc
-
-Copy the `docs/intro.md` file to the `i18n/fr` folder:
-
-```bash
-mkdir -p i18n/fr/docusaurus-plugin-content-docs/current/
-
-cp docs/intro.md i18n/fr/docusaurus-plugin-content-docs/current/intro.md
-```
-
-Translate `i18n/fr/docusaurus-plugin-content-docs/current/intro.md` in French.
-
-## Start your localized site
-
-Start your site on the French locale:
-
-```bash
-npm run start -- --locale fr
-```
-
-Your localized site is accessible at [http://localhost:3000/fr/](http://localhost:3000/fr/) and the `Getting Started` page is translated.
-
-:::caution
-
-In development, you can only use one locale at a time.
-
-:::
-
-## Add a Locale Dropdown
-
-To navigate seamlessly across languages, add a locale dropdown.
-
-Modify the `docusaurus.config.js` file:
-
-```js title="docusaurus.config.js"
-export default {
-  themeConfig: {
-    navbar: {
-      items: [
-        // highlight-start
-        {
-          type: 'localeDropdown',
-        },
-        // highlight-end
-      ],
-    },
-  },
-};
-```
-
-The locale dropdown now appears in your navbar:
-
-![Locale Dropdown](./img/localeDropdown.png)
-
-## Build your localized site
-
-Build your site for a specific locale:
-
-```bash
-npm run build -- --locale fr
-```
-
-Or build your site to include all the locales at once:
-
-```bash
-npm run build
-```
+https://github.com/NeriteOrg/assets 

docs/technical-documentation/bug-bounty.md

@@ -4,85 +4,213 @@ sidebar_position: 3
 
 # Bug Bounty
 
-Let's translate `docs/intro.md` to French.
+A bug bounty program for Liquity’s underlying smart contracts that Nerite uses is now live. We intend for hackers to look for smart contract vulnerabilities in our system that can lead to loss of funds or locked components.
 
-## Configure i18n
+Check out Liquity's [bug bounty](https://docs.liquity.org/v2-documentation/bug-bounty) program for the most up to date information.
 
-Modify `docusaurus.config.js` to add support for the `fr` locale:
+The preferred way to submit a vulnerability is through Liquity's Vault on [Hats Finance](https://app.hats.finance/bug-bounties/liquity-0xd9a1751269d5506e3528241e3f35d3fbeb974b6b/rewards). If, for any reason, Hats can't be used, vulnerabilities can also be sent using the method described below.
 
-```js title="docusaurus.config.js"
-export default {
-  i18n: {
-    defaultLocale: 'en',
-    locales: ['en', 'fr'],
-  },
-};
-```
+Rewards will be awarded at the sole discretion of Liquity AG. The quality of the report and reproduction instructions can impact the reward. Rewards are denominated and paid out in USD. If both parties agree, rewards can also be paid out in crypto assets.
 
-## Translate a doc
+## Reporting a Vulnerability
+Please responsibly disclose any findings to the development team, following these instructions:
 
-Copy the `docs/intro.md` file to the `i18n/fr` folder:
+In order to report a vulnerability, please write an email to [email protected] with [SECURITY DISCLOSURE] in the subject of the email.
 
-```bash
-mkdir -p i18n/fr/docusaurus-plugin-content-docs/current/
+For sensitive vulnerabilities, please encrypt the email using this PGP key (Fingerprint: D4BA B0E7 3B99 4FC5 79DC 9E0A C640 0C72 C5B8 CA28).
 
-cp docs/intro.md i18n/fr/docusaurus-plugin-content-docs/current/intro.md
-```
+We will make our best effort to reply in a timely manner and provide a timeline for resolution.
 
-Translate `i18n/fr/docusaurus-plugin-content-docs/current/intro.md` in French.
+Please include a detailed report on the vulnerability with clear reproduction steps. The quality of the report can impact the reward amount.
 
-## Start your localized site
+Failure to do so will result in a finding being ineligible for any bounties.
 
-Start your site on the French locale:
+## Scope
+In scope for the bug bounty are all the smart contract components of the Liquity V2 protocol. They can be found in the following repository: https://github.com/liquity/bold
 
-```bash
-npm run start -- --locale fr
-```
+Solidity code under the contracts directory: 
 
-Your localized site is accessible at [http://localhost:3000/fr/](http://localhost:3000/fr/) and the `Getting Started` page is translated.
+/src
 
-:::caution
+├── ActivePool.sol
 
-In development, you can only use one locale at a time.
+├── AddressesRegistry.sol
 
-:::
+├── BoldToken.sol
 
-## Add a Locale Dropdown
+├── BorrowerOperations.sol
 
-To navigate seamlessly across languages, add a locale dropdown.
+├── CollateralRegistry.sol
 
-Modify the `docusaurus.config.js` file:
+├── CollSurplusPool.sol
 
-```js title="docusaurus.config.js"
-export default {
-  themeConfig: {
-    navbar: {
-      items: [
-        // highlight-start
-        {
-          type: 'localeDropdown',
-        },
-        // highlight-end
-      ],
-    },
-  },
-};
-```
+├── DefaultPool.sol
 
-The locale dropdown now appears in your navbar:
+├── Dependencies
 
-![Locale Dropdown](./img/localeDropdown.png)
+│   ├── AddRemoveManagers.sol
 
-## Build your localized site
+│   ├── AggregatorV3Interface.sol
 
-Build your site for a specific locale:
+│   ├── Constants.sol
 
-```bash
-npm run build -- --locale fr
-```
+│   ├── IRETHToken.sol
 
-Or build your site to include all the locales at once:
+│   ├── LiquityBase.sol
 
-```bash
-npm run build
-```
+│   ├── LiquityMath.sol
+
+│   └── Ownable.sol
+
+├── GasPool.sol
+
+├── Interfaces
+
+│   ├── IActivePool.sol
+
+│   ├── IAddRemoveManagers.sol
+
+│   ├── IAddressesRegistry.sol
+
+│   ├── IBoldRewardsReceiver.sol
+
+│   ├── IBoldToken.sol
+
+│   ├── IBorrowerOperations.sol
+
+│   ├── ICollateralRegistry.sol
+
+│   ├── ICollSurplusPool.sol
+
+│   ├── ICommunityIssuance.sol
+
+│   ├── ICompositePriceFeed.sol
+
+│   ├── IDefaultPool.sol
+
+│   ├── IInterestRouter.sol
+
+│   ├── ILiquityBase.sol
+
+│   ├── ILQTYStaking.sol
+
+│   ├── ILQTYToken.sol
+
+│   ├── IMultiTroveGetter.sol
+
+│   ├── IPriceFeed.sol
+
+│   ├── ISortedTroves.sol
+
+│   ├── IStabilityPoolEvents.sol
+
+│   ├── IStabilityPool.sol
+
+│   ├── ITroveEvents.sol
+
+│   ├── ITroveManager.sol
+
+│   ├── ITroveNFT.sol
+
+│   ├── IWETHPriceFeed.sol
+
+│   ├── IWETH.sol
+
+│   ├── IWSTETHPriceFeed.sol
+
+│   └── IWSTETH.sol
+
+├── MockInterestRouter.sol
+
+├── PriceFeeds
+
+│   ├── CompositePriceFeed.sol
+
+│   ├── MainnetPriceFeedBase.sol
+
+│   ├── RETHPriceFeed.sol
+
+│   ├── WETHPriceFeed.sol
+
+│   └── WSTETHPriceFeed.sol
+
+├── SortedTroves.sol
+
+├── StabilityPool.sol
+
+├── TroveManager.sol
+
+├── TroveNFT.sol
+
+├── Types
+
+│   ├── BatchId.sol
+
+│   ├── LatestBatchData.sol
+
+│   ├── LatestTroveData.sol
+
+│   ├── TroveChange.sol
+
+│   └── TroveId.sol
+
+└── Zappers
+
+    ├── GasCompZapper.sol
+
+    ├── Interfaces
+
+    │   ├── IExchange.sol
+
+    │   ├── IFlashLoanProvider.sol
+
+    │   ├── IFlashLoanReceiver.sol
+
+    │   └── ILeverageZapper.sol
+
+    ├── LeverageLSTZapper.sol
+
+    ├── LeverageWETHZapper.sol
+
+    ├── Modules
+
+    │   ├── Exchanges
+
+    │   │   ├── CurveExchange.sol
+
+    │   │   └── UniV3Exchange.sol
+
+    │   │   └── HybridCurveUniV3Exchange.sol
+
+    │   └── FlashLoans
+
+    │       └── BalancerFlashLoan.sol
+
+    └── WETHZapper.sol
+
+## Out of scope
+Known issues will not be rewarded
+
+## Areas of interest
+These are some examples of vulnerabilities that would be interesting:
+
+Stealing tokens or manipulating the token generation process.
+
+Locking or freezing any of the Liquity V2 contracts.
+
+Griefing attacks: is it possible to block liquidations, redemptions, borrower operations, rewards distributions, etc.
+
+Do the desired constraints on borrower operations hold?
+
+Flash loan exploits
+
+LQTY token exploits involving the LockupContracts
+
+Frontend initiated smart contract interactions which unexpectedly impact the user negatively - e.g. MEV risk from withdrawing liquidity from an AMM
+
+## Eligibility
+Only unknown vulnerabilities will be awarded a bounty; in case of duplicate reports, the first report will be awarded the bounty.
+
+Public disclosure of the vulnerability, before explicit consent from Liquity AG to do so, will make the vulnerability ineligible for a bounty.
+
+Attempting to exploit the vulnerability in a public Ethereum network will also make it ineligible for a bounty.