Cantina’s active bounty ecosystem currently offers more than $34 million in available rewards. To date, $11.6 million has been awarded to top-performing researchers who deliver high-signal findings across production systems. These programs are designed to attract elite security research talent and demonstrate the role structured bounty engagements play in advancing Web3 security at scale.

Cantina facilitates these engagements with infrastructure built specifically for scale, clarity, and technical precision. Let’s take a closer look at the programs setting the standard for Web3 security.

Spotlight Programs

Cantina's bug bounty opportunities, with $34M+ up for grabs.

Uniswap Labs

Max Reward: $15,500,000 in USDC

Scope includes core v4 smart contracts, interfaces, Universal Router, Permit2, and Unichain L1 contracts. Payout tiers are based on fund risk and exploit impact. This is the largest bounty program in Web3 history.

What matters: Broad coverage, tiered rewards tied to TVL risk, proof-of-concept required, and pre-coordinated with audits and live competitions.

Euler

Max Reward: $7,500,000 in USDC + rEUL + USUAL

Targets vaults, controller logic, and lending components across Euler V2 and USL Boost.

What matters: Modular payout logic, boosted rewards for findings affecting USL vaults, detailed validation protocol.

Coinbase

Max Reward: $5,000,000

Scope includes all Coinbase Web3 production smart contracts. This marks Coinbase’s first public bug bounty across its entire onchain infrastructure.

What matters: Enterprise-grade review process, open-source code, documented targets, reproducible test frameworks, and payouts based on reproducibility and production impact. Builds on prior verified collaborations across critical protocol components.

Morpho

Max Reward: $2,500,000 in USDC

Scope includes MetaMorpho optimizer layers, smart contracts, and vault routing.

What matters: Reviews vault architecture, optimizations, and liquidity behavior.

Pendle Finance

Max Reward: $2,000,000 in USDC

Includes yield markets, AMM modules, and composable staking interfaces.

What matters: Critical to ensuring yield tokenization security and forward-rate execution.

PancakeSwap

Max Reward: $1,000,000 in USDC

What matters: Cross-chain DEX infrastructure under scrutiny.

LI.FI

Max Reward: $1,000,000 in USDC

What matters: Protocols focused on bridging and asset movement require extra attention to endpoint security.

Kiln

Max Reward: $1,000,000 in USDC

What matters: Liquid staking and validator abstraction logic.

Why These Programs Matter

Cantina offers structured bounty programs with defined scopes, clear reward tiers, and seamless researcher engagement. Its infrastructure supports submission filtering, rapid triage, and payout workflows. This ecosystem brings critical protection to protocols while aligning incentives for researchers.

Cantina Code: Purpose-Built for Security Engagements

Cantina Code is the backbone of every program on the platform, powering discovery, review, and resolution across bounties, competitions, and high-signal reviews. It delivers the tools elite researchers and security-focused organizations need to work with efficiency, depth, and clarity. Some of the features:

Cantina Assistant

Pre-submission guidance ensures structured, complete reports. AI support during competitions enhances context and speeds up quality reviews. Improves over 1,500 submissions monthly.

Recommended Findings

Highlights the most relevant submissions using researcher reputation, judge input, and metadata. Reduces triage overhead.

Client-Side Triage

Built-in workflows allow protocol teams to confirm, reject, or label submissions directly, with no external triage infrastructure needed.

Inline and Private Comments

Threaded feedback in context. Turn comments into findings instantly, or collaborate privately on sensitive issues.

Self-Managed Bounties

Organizations can set scopes, payouts, and repository access themselves. Everything is visible, auditable, and configurable.

Unified Dashboard & Bounty Insights

Track researcher activity, issue status, and program metrics in real time. One interface for everything.

Automation & Integrations

Triggers based on label status or severity. Integrates with Slack, Discord, Linear, OpsGenie, and more.


Cantina Code brings structure to every aspect of security engagement - surfacing what matters, eliminating friction, and enabling results at scale.

Final Reflections

Cantina provides an infrastructure layer for security engagement. With more than $34 million in live bounties and a track record of value delivered, the platform enables scalable, transparent, and results-driven security for Web3.

Would you like a bug bounty program that will attract top researchers, streamline high-signal reporting, and secure your infrastructure at scale? Contact us today.
