Security by Design, Open to Review
Agglayer built by Polygon is building the backbone of Ethereum’s scaling ecosystem. Its infrastructure enables capital and data to move seamlessly between rollups, while maintaining the security guarantees of Ethereum as a base layer.
To validate and strengthen that architecture, Agglayer is now launching a $1,000,000 bug bounty program in collaboration with Cantina.
This program invites researchers to evaluate Agglayer’s cross-chain infrastructure. The scope includes key deployed contracts coordinating rollup communication, liquidity movement, and validator-linked execution logic. These are the mechanisms responsible for securing execution pathways across the Agglayer and routing value through protocol-native vault systems.
What’s in Scope
The bug bounty covers core smart contracts deployed on Ethereum mainnet, including:
- Settlement and rollup coordination logic
- VaultBridge token infrastructure
- Migration and upgrade pathways
Researchers are encouraged to explore high-impact vectors such as message validation, signature verification, upgrade logic, and funds isolation assumptions.
All eligible reports will be triaged through Cantina, and top-tier findings may receive up to $1,000,000 based on severity, likelihood, and report quality.
Program Objectives
This bounty program reflects a broader commitment to open coordination, transparency, and security-first design. Agglayer infrastructure secures meaningful value across the ecosystem. Every contract in scope is part of a broader system powering how Ethereum scales safely.
Structured Review, Structured Rewards
Reports are evaluated using a customized risk framework. Rewards are issued based on impact and exploitability. The program includes clear disclosure policies, triage processes, and scope definitions.
Explore the Surface
The program is live.
Researchers, contributors, and adversarial reviewers are invited to dive in.
Read the full details, rules, and scope here.