Euler adopts SEAL Safe Harbor with Cantina verification
Euler is adopting the SEAL Whitehat Safe Harbor Agreement, and Cantina will support the program through KYC and verification for eligible whitehats.
Bug bounties are built for prevention and private disclosure. Safe Harbor is built for live incidents, when an exploit is active and the priority is to stop loss and recover funds with clear rules and clear accountability.
SEAL Safe Harbor defines when intervention is allowed, what good faith behavior looks like, and how rescued assets must be handled. That clarity matters because incident response is time sensitive, and uncertainty creates hesitation at the worst possible moment.
What Euler is implementing
Euler’s adoption sets the rescue workflow in advance.
Safe Harbor applies only during an active exploit. It is not a channel for routine testing or standard bug bounty submissions.
Rescued assets must be returned to protocol controlled recovery addresses within 72 hours.
The rescue bounty is predetermined at 10% of recovered assets, capped at $2.5M.
The bounty is non retainable, meaning recovered funds are returned first and the bounty is paid after verification.
Participation is named, with a diligence requirement to complete KYC with Cantina to be eligible.
Why Cantina is involved
Euler is using Cantina for verification so eligibility is unambiguous before an incident happens and so payouts can be processed with the right diligence after the incident.
That creates a clean operational path on both sides.
Researchers know what is required to participate and get paid.
Protocols can compensate rescuers with confidence and consistent process.
What researchers should do now
If you want to be eligible for Euler’s Safe Harbor rescue rewards, complete Cantina verification early. During a live exploit, verification should not be the blocker.
What protocol teams can take away
Safe Harbor complements audits and bug bounties by covering the moment when prevention fails. Euler’s adoption shows what strong incident readiness looks like: predefined terms, designated recovery paths, and verification built into the program.