Cantina Bounties enables protocols to protect code in production by leveraging the best network of security researchers and the Cantina Code platform.
Access the best talent Web3 has to offer, including direct access to thousands of researchers from industry-leading firms such as Spearbit.
Cantina Code was built around bettering the client experience. Simply put — less spam, higher signal findings, and less overhead for you and your team.
Through quality-gating mechanisms and LLM-based de-duplication, we keep low-effort and spam submissions from overloading protocols.
Cantina Code provides researchers with a comprehensive code review interface to easily submit findings and the swiftest time-to-reward across the industry.
No more forms. No more Discord. No more GitHub. Handle all communication with protocol teams simply and swiftly, all in Cantina Code.
We believe in combining the best talent with the best reward structures to provide industry-leading bug bounties for industry-leading protocols.
The Uniswap protocol is a peer-to-peer system designed for exchanging cryptocurrencies (ERC-20 tokens) on the Ethereum blockchain. The protocol is implemented as a set of persistent, non-upgradable smart contracts, designed to prioritize censorship resistance, security, and self-custody, and to function without any trusted intermediaries who may selectively restrict access.
The Program includes vulnerabilities and bugs in any deployed Uniswap contract. These include those within the following GitHub repositories:
However, if you find a bug in a Uniswap smart contract outside of these repositories where user funds are at risk, the team will consider the issue in scope for the bounty.
The vulnerability must not be disclosed publicly or to any other person, entity or email address before Uniswap Labs has been notified, has fixed the issue, and has granted permission for public disclosure. In addition, disclosure to Uniswap Labs must be made within 24 hours of discovering the vulnerability.
A detailed report of a vulnerability increases the likelihood of a reward and may increase the reward amount. Please provide as much information about the vulnerability as possible, including:
Anyone who reports a unique, previously unreported vulnerability that results in a code or configuration change, and who keeps the vulnerability confidential until our engineers have resolved it, will be publicly recognized for their contribution if they so choose.
To be eligible for a reward under this Program, you must:
The Program uses the following four-level severity scale:
Rewards are based on the severity above as well as the likelihood of the bug being triggered or exploited, as determined at the sole discretion of Uniswap Labs.
Payout amounts depend on which part of our product the bug is in.
Reach out to the protocols team for any bug in the contract code.
Risk Score | Payout |
---|---|
Critical | $2,250,000 |
High | $500,000 |
Medium | $100,000 |
Low | Discretionary |
This applies only to the site that handles wallet interactions (app.uniswap.org).
Risk Score | Payout |
---|---|
Critical | $250,000 |
High | $50,000 |
Medium | $10,000 |
Low | Discretionary |
This applies to Uniswap-owned websites that do not handle wallet interactions, such as the info site.
Risk Score | Payout |
---|---|
Critical | $50,000 |
High | $10,000 |
Medium | $2,000 |
Low | Discretionary |
Risk Score | Payout |
---|---|
Critical | $50,000 |
High | $10,000 |
Medium | $2,000 |
Low | Discretionary |
Risk Score | Payout |
---|---|
Critical | $50,000 |
High | $10,000 |
Medium | $2,000 |
Low | Discretionary |
By submitting your report, you grant Uniswap Labs any and all rights, including intellectual property rights, needed to validate, mitigate, and disclose the vulnerability. All reward decisions, including eligibility for and amounts of the rewards and the manner in which such rewards will be paid, are made at our sole discretion. The terms and conditions of this Program may be altered at any time.
$2,250,000 USDC
Started on 19 Jul 2024
Pendle is the first protocol that enables the trading of tokenized future yield on an AMM system. The project aims to give holders of yield-generating assets the opportunity to generate additional yield and to lock in future yield upfront, while offering traders direct exposure to future yield streams, without the need for an underlying collateral.
Further resources regarding Pendle can be found at pendle.finance.
The bug bounty program is focused on Pendle's smart contracts and is mostly concerned with the loss of user funds.
Target URL | Type |
---|---|
Explorer Link | router |
Explorer Link | ActionAddRemoveLiqV3 |
Explorer Link | ActionSwapPTV3 |
Explorer Link | ActionSwapYTV3 |
Explorer Link | ActionMiscV3 |
Explorer Link | ActionCallbackV3 |
Explorer Link | ActionStorageV4 |
Explorer Link | pendleSwap |
Explorer Link | ptAndLpOracle |
Explorer Link | yieldContractFactoryV3 |
Explorer Link | marketFactoryV3 |
Explorer Link | limitRouter |
Explorer Link | vePendle |
Explorer Link | senderEndpoint |
Explorer Link | votingController |
Explorer Link | gaugeController |
Explorer Link | feeDistributorV2 |
Target URL | Type |
---|---|
Explorer Link | router |
Explorer Link | ActionAddRemoveLiqV3 |
Explorer Link | ActionSwapPTV3 |
Explorer Link | ActionSwapYTV3 |
Explorer Link | ActionMiscV3 |
Explorer Link | ActionCallbackV3 |
Explorer Link | ActionStorageV4 |
Explorer Link | pendleSwap |
Explorer Link | ptAndLpOracle |
Explorer Link | yieldContractFactoryV3 |
Explorer Link | marketFactoryV3 |
Explorer Link | limitRouter |
Explorer Link | receiverEndpoint |
Explorer Link | vePendle |
Explorer Link | gaugeController |
Explorer Link | arbMerkleDistribution |
Target URL | Type |
---|---|
Explorer Link | router |
Explorer Link | ActionAddRemoveLiqV3 |
Explorer Link | ActionSwapPTV3 |
Explorer Link | ActionSwapYTV3 |
Explorer Link | ActionMiscV3 |
Explorer Link | ActionCallbackV3 |
Explorer Link | ActionStorageV4 |
Explorer Link | pendleSwap |
Explorer Link | ptAndLpOracle |
Explorer Link | yieldContractFactoryV3 |
Explorer Link | marketFactoryV3 |
Explorer Link | limitRouter |
Explorer Link | receiverEndpoint |
Explorer Link | vePendle |
Explorer Link | gaugeController |
Target URL | Type |
---|---|
Explorer Link | router |
Explorer Link | ActionAddRemoveLiqV3 |
Explorer Link | ActionSwapPTV3 |
Explorer Link | ActionSwapYTV3 |
Explorer Link | ActionMiscV3 |
Explorer Link | ActionCallbackV3 |
Explorer Link | ActionStorageV4 |
Explorer Link | pendleSwap |
Explorer Link | ptAndLpOracle |
Explorer Link | yieldContractFactoryV3 |
Explorer Link | marketFactoryV3 |
Explorer Link | limitRouter |
Explorer Link | receiverEndpoint |
Explorer Link | vePendle |
Explorer Link | gaugeController |
Target URL | Type |
---|---|
Explorer Link | router |
Explorer Link | ActionAddRemoveLiqV3 |
Explorer Link | ActionSwapPTV3 |
Explorer Link | ActionSwapYTV3 |
Explorer Link | ActionMiscV3 |
Explorer Link | ActionCallbackV3 |
Explorer Link | ActionStorageV4 |
Explorer Link | pendleSwap |
Explorer Link | ptAndLpOracle |
Explorer Link | yieldContractFactoryV3 |
Explorer Link | marketFactoryV3 |
Explorer Link | limitRouter |
Explorer Link | receiverEndpoint |
Explorer Link | vePendle |
Explorer Link | gaugeController |
All StandardizedYieldToken, PendlePrincipalToken, PendleYieldToken, PendleYieldTokenV2, and PendleMarket contracts of assets listed under the links below are in scope. Note that each asset will have a different SY but the same PT, YT, and Market.
Rewards are capped at 10% of economic impact.
Likelihood/Impact | >10% TVL | 1-10% TVL | < 1% TVL |
---|---|---|---|
High | Very Critical | Critical | High or Critical |
Medium | Critical | High or Critical | High |
Low | High or Critical | High | Medium |
The Pendle team will exercise its discretion, together with the Cantina team, to judge the severity with the aim of awarding fairly to security researchers.
Likelihood/Impact | Significant | Moderate | Minimal |
---|---|---|---|
High | High or Critical | High | Medium |
Medium | High | Medium | Below Medium |
Low | Medium | Below Medium | Below Medium |
If an issue is discovered that is not in the files listed as In Scope above, security researchers are still encouraged to report the finding. Awards for out-of-scope issues will be determined at the discretion of Pendle Finance.
The Pendle team will be very flexible in assessing all submissions, with the goal of prioritizing the security of the protocol.
Known issues from previous security reviews are considered out of scope.
Are considered out of scope.
address(0).
$2,000,000 USDC
Started on 14 Jun 2024
Morpho Blue and MetaMorpho form part of the vision to rebuild decentralized lending in layers, with MetaMorpho enabling any lending experience to be rebuilt on a shared and immutable base layer: Morpho Blue.
Morpho Blue is a trustless lending primitive that offers unparalleled efficiency and flexibility. It enables the creation of isolated lending markets by specifying any loan asset, any collateral asset, a liquidation LTV (LLTV), an oracle, and an interest rate model.
Visit the docs for a complete project overview.
Name (address link) | Repo |
---|---|
Morpho Blue | github.com/morpho-org/morpho-blue |
Adaptive Curve Irm | github.com/morpho-org/morpho-blue-irm |
Morpho Chainlink Oracle V2 Factory | github.com/morpho-org/morpho-blue-oracles |
Name (address link) | Repo |
---|---|
MetaMorpho Factory | github.com/morpho-org/metamorpho |
Public Allocator | github.com/morpho-org/public-allocator |
Severity level | Impact: High | Impact: Medium |
---|---|---|
Likelihood: high | $555,555.00 | $100,000.00 |
Likelihood: medium | $100,000.00 | - |
Known issues from previous security reviews are considered out of scope.
Note that the metamorpho repository also collects the findings on all periphery contracts from the Cantina competition.
address(0).
All other issues acknowledged in the audits in these repos: https://github.com/morpho-dao/morpho-v1/ and https://github.com/morpho-dao/morpho-aave-v3
$555,555 USDC
Started on 27 Mar 2024
Marginal is a permissionless spot and perpetual exchange that enables leverage on any asset with a Uniswap V3 oracle.
One can think of the core mechanism of the protocol as analogous to overcollateralized short-selling with the interest payment dictated by a typical perpetual funding rate.
Visit the docs for a complete project overview.
Target URL | Type |
---|---|
MarginalV1Factory.sol | MarginalV1Factory |
MarginalV1Pool.sol | MarginalV1Pool |
Target URL | Type |
---|---|
NonfungiblePositionManager.sol | NonfungiblePositionManager |
Router.sol | Router |
Quoter.sol | Quoter |
Oracle.sol | Oracle |
PoolInitializer.sol | PoolInitializer |
PairArbitrageur.sol | PairArbitrageur |
Severity level | Impact: High | Impact: Medium |
---|---|---|
Likelihood: high | $100,000.00 | - |
Likelihood: medium | - | - |
Known issues from previous security reviews are considered out of scope.
address(0).
$100,000 USDC
Started on 8 Jul 2024
The bug bounty program is focused on DELV's Hyperdrive smart contracts and is mostly concerned with the loss of user funds and access to those funds without user permission.
To be eligible for a reward under the DELV Bug Bounty Program, you must:
delvtech/hyperdrive
To be eligible for a bounty, we require that bug bounty hunters, security engineers, and researchers:
Severity level | Impact: High | Impact: Medium |
---|---|---|
Likelihood: high | $100,000.00 (Critical) | $20,000.00 (High) |
Likelihood: medium | $20,000.00 (High) | $5,000.00 (Medium) |
Not all bugs will be material or warrant a bounty.
address(0).
$100,000 USDC
Started on 10 Jul 2024
Chronicle Protocol is a novel Oracle solution that has exclusively secured over $10B in assets for MakerDAO and its ecosystem since 2017. With a history of innovation, including the invention of the first Oracle on Ethereum, Chronicle Protocol continues to redefine Oracle networks. A blockchain-agnostic protocol, Chronicle overcomes the current limitations of transferring data on-chain by developing the first truly scalable, cost-efficient, decentralized, and verifiable Oracles, rewriting the rulebook on data transparency and accessibility.
Scribe's technical documentation at docs/ provides complete documentation of the technical decisions, external assumptions, and internal invariants, as well as deployment and maintenance guides.
chronicleprotocol/scribe/tree/v2
In scope:
src/
Severity level | Impact: High | Impact: Medium |
---|---|---|
Likelihood: high | $50,000.00 | $30,000.00 |
Likelihood: medium | $30,000.00 | $10,000.00 |
Known issues (acknowledged / won't fix) from previous security reviews are considered out of scope.
address(0).
$50,000 USDC
Started on 1 May 2024
Huma is an on-chain credit platform where high-performing receivables meet global capital.
Visit the docs for a complete project overview.
Name (address link) | Repo |
---|---|
huma-contracts-v2 | https://github.com/00labs/huma-contracts-v2/tree/main |
Excluding mocks, tests, scripts, etc. Valid issues must satisfy one of the severity definitions below.
Name | Celo Address |
---|---|
Calendar | 0x129686C98916c7fFF9cf9110127402D070183610 |
HumaConfig | 0x9345cc5617F906C62bE1608680B9C0FC3e7707B0 |
HumaConfigTimelock | 0x14B067bac6039429A11baf564db90eDBcc4E27F3 |
PoolConfigImpl | 0x7b6b28434c74E6DB5ba5c9a71eA6ff7A6D5071A5 |
PoolFeeManagerImpl | 0x3D143343FC4bF823365A38Fb76A89754C5C22f77 |
PoolSafeImpl | 0xd2FFCC9f6797ce2D7B503DC3287c4cc4D7fde77F |
FirstLossCoverImpl | 0x0D9b3ecd2B890651EF7dF65650b419a202D38FF4 |
RiskAdjustedTranchesPolicyImpl | 0xe780653d7c03A5199B3c13b8c663fcE2CDd72562 |
FixedSeniorYieldTranchesPolicyImpl | 0x86c3a14EE6f0B9BFeE1439a9b6eA191B565a3A0F |
PoolImpl | 0xa6C59ce6c1E1A519EcE7ad0Eeead31D485C7C8A9 |
EpochManagerImpl | 0x5aF84f6c8c6738417e6081677f186839294b5eEc |
TrancheVaultImpl | 0xf26A071833032Ce57769fdf530E81A28f15671df |
CreditLineImpl | 0x73c16Db24951135BC8A628185BdbfA79115793E5 |
ReceivableBackedCreditLineImpl | 0xE265E07F9d18Df940A75CfFfEA51211F4f0C46cC |
ReceivableFactoringCreditImpl | 0x2DF0091067B29Cbac6bD8C2cE15334dEFEE9738C |
CreditDueManagerImpl | 0xe1Bd10Bba7DF72527dB2F6955d8A731844C8bf84 |
CreditLineManagerImpl | 0xC98dEAA52Ba4848079aA0A4e48BEA6f0AcdC542c |
ReceivableBackedCreditLineManagerImpl | 0xAD3FB6bB897f85125436a63a5b8c3Dfb5928Fa4e |
ReceivableFactoringCreditManagerImpl | 0x7EF17831D7153b085ccDEFc02373234Baec16243 |
ReceivableImpl | 0x8920C27a3D76daA004f373f78fa1Ed01B4940FbA |
LibTimelockController | 0x41B1Dd4c2bbcff308Ef95210532B97DF87D8c053 |
PoolFactoryImpl | 0x2DA34B43089F20c87770674fb7d8Fa5b5384534b |
PoolFactory | 0x85c8dC49B8DaA709e65dd2182e500E8AC3CaA6C7 |
Severity level | Impact: High | Impact: Medium |
---|---|---|
Likelihood: high | $50,000.00 | $25,000.00 |
Likelihood: medium | $25,000.00 | $10,000.00 |
Complete, or near complete, loss of all funds in the protocol.
Meaningful, but limited, loss of funds. Examples include a single pool vulnerable to complete loss of funds, or partial loss of TVL across the protocol such as 15% loss, etc.
Privilege escalation and circumventing access controls not leading to loss of funds in a way that qualifies as a higher severity.
Known issues from previous security reviews are considered out of scope. (Spearbit-Security-Review)
address(0).
All other issues acknowledged in the audits in the Spearbit-Security-Review.
$50,000 USDC
Started on 5 Jul 2024
Spearbit is a distributed network of industry-leading security researchers tackling the most complex and mission-critical protocols across web3.
Cantina is the one-stop shop for all your security needs, allowing you to source the best network of teams, freelancers, and services to keep your smart contracts secure.
Scope: Only vulnerabilities found on our websites
Testing: Do not perform any testing that could disrupt our services or compromise user data.
Disclosure: Do not disclose any vulnerabilities publicly before we've had a chance to address them.
Submission: All submissions must be done on this bounty repository on cantina code. More details on submissions here
Here's a general overview:
Severity | Reward (USDC) |
---|---|
Critical | 25,000 |
High | 20,000 |
Medium | 10,000 |
Low | Discretionary |
Critical
High
Medium
Low
Please note that the final reward amount is at the discretion of our security team and depends on the potential impact and exploitability of the reported vulnerability.
The following activities and vulnerability types are considered out of scope for this bug bounty program:
To ensure safe and responsible testing:
If you're unsure whether a specific test is allowed, please contact us before proceeding.
Thank you for helping us keep our platform secure!
$25,000 USDC
Started on 27 Jul 2024