Ondo Perps

Ondo Perps

@OndoPerps
Live

Maximum reward

$1,500,000

Severity

Max. Reward

Critical

$1,500,000

High

$100,000

Medium

$20,000

Low

$1,000

Deposit required

$20

Findings submitted

10

Start date

2 Jun 2026

KYC

Required to join

Please sign in as a researcher to join the bounty.

Log in

In scope

Severity

Min and Max Reward

Critical

Up to $1,500,000


High

Up to $100,000


Medium

Up to $20,000


Low

Up to $1,000

The Ondo Perps web interface, application, and API.

If you discover a vulnerability in any component not explicitly listed but which poses a risk to user funds, user data, or system integrity, you may submit it for consideration. Our team will review such submissions on a case-by-case basis.

Name
Description
Asset
ondoperps.xyz

Website

app.ondoperps.xyz

Web application

api.ondoperps.xyz

API

Out of scope

Out of Scope

The following issues are out of scope and not eligible for rewards.

For generic exclusions, see the Cantina Bug Bounty Out-of-Scope Policy.

  • Social engineering and phishing
  • Vulnerabilities in third-party software, platforms, dependencies, or infrastructure providers, unless the report shows a direct, exploitable impact caused by our implementation or configuration of that third party
  • Physical security
  • Previously reported or already known issues, including duplicate submissions, issues already reported by another researcher, findings previously identified in internal or external security reviews, and vulnerabilities already known to the team, unless the submission demonstrates materially new impact, reachability, or exploitability
  • Issues requiring unauthorized access to secrets, keys, or credentials
  • Best-practice recommendations without demonstrable impact
  • Automated scanner output without validation
  • Rate limiting and brute force without account compromise (do not perform high-volume testing)
  • Account enumeration without impact
  • Email configuration issues
  • DNS, subdomain, and dangling record findings without takeover
  • Blockchain risks outside of our control
  • AI-generated or low-effort submissions

Default Out of Scope

Standard out-of-scope items per the Cantina Bug Bounty Out-of-Scope Policy.