The primary scope of the bug bounty program is for vulnerabilities affecting the on-chain Valkyrie Protocol, deployed to the Terra Columbus 0.5.5 Mainnet, for contract addresses listed in this developer documentation.
This list may change as new contracts are deployed, or as existing contracts are removed from usage. Vulnerabilities in contracts built on top of the Protocol by third-party developers (such as smart contract wallets) are not in-scope, nor are vulnerabilities that require ownership of an admin key.
The secondary scope of the bug bounty program is for vulnerabilities affecting the Valkyrie Protocol Interface hosted at app.valkyrieprotocol.com that could conceivably result in exploitation of user accounts.
Finally, test contracts (Bombay and other testnets) and staging servers are out of scope, unless the discovered vulnerability also affects Valkyrie Protocol or Interface, or could otherwise be exploited in a way that risks user funds.