Perena Bug Bounty

Perena Bug Bounty

@perena
Live

Maximum reward

$25,000

Severity

Max. Reward

Critical

$25,000

High

$10,000

Medium

$2,500

Low

$500

Deposit required

$20

Findings submitted

4

Start date

6 Apr 2026

Please sign in as a researcher to join the bounty.

Log in
InstructionsScope

Perena is a stablecoin infrastructure protocol on Solana. Its flagship product, USD*, is a unified stablecoin that aggregates fragmented stablecoin liquidity. The protocol's core functionality includes minting, redeeming, yield distribution, and pool management.

Severity Definitions

  • Critical: Vulnerabilities that could lead to direct loss, theft, or permanent freezing of user funds. Examples include unauthorized minting, bypassing redemption controls, or manipulating yield distribution to drain funds.
  • High: Vulnerabilities that could lead to temporary freezing of funds, manipulation of protocol state, or significant disruption to core protocol operations.
  • Medium: Vulnerabilities that could lead to minor protocol disruption or edge-case scenarios with limited impact on user funds.
  • Low: Vulnerabilities with minimal impact, such as minor data inconsistencies or non-critical logic errors.

In addition to the above definitions, we will also use the Cantina Bug Bounty Severity Classification Framework to determine severity.

Prohibited Actions

  • Do not exploit vulnerabilities beyond proof-of-concept demonstration
  • Do not access, modify, or delete other users' data
  • Do not test against production environments - use a local fork only
  • Do not run automated scanning that generates excessive traffic
  • Do not submit multiple vulnerabilities per report unless chaining is required for demonstration
  • Do not share vulnerability details with third parties before a fix is deployed

Eligibility

Perena provides safe harbor for security researchers acting in good faith and following these policy guidelines. Researchers must allow Perena a reasonable amount of time (minimum 90 days) before any public disclosure.

Researchers must not be:

  • Residents of OFAC-sanctioned countries
  • Current or recent employees, contractors, or auditors of Perena

Other Terms

  • Perena will acknowledge receipt of submissions within 48 hours and provide an initial assessment within 7 business days
  • All submissions must be made through the Cantina platform
  • Do not submit vulnerabilities via public GitHub issues