Ondo Perps
Maximum reward
$1,500,000
Severity
Max. Reward
Critical$1,500,000
High$100,000
Medium$20,000
Low$1,000
Deposit required
$20
Findings submitted
10
Start date
2 Jun 2026
KYC
Required to join
Please sign in as a researcher to join the bounty.
Log inIn scope
Severity
Min and Max Reward
CriticalUp to $1,500,000
High
Up to $100,000
Medium
Up to $20,000
Low
Up to $1,000
The Ondo Perps web interface, application, and API.
If you discover a vulnerability in any component not explicitly listed but which poses a risk to user funds, user data, or system integrity, you may submit it for consideration. Our team will review such submissions on a case-by-case basis.
Name | Description | Asset |
|---|---|---|
| ondoperps.xyz | Website | |
| app.ondoperps.xyz | Web application | |
| api.ondoperps.xyz | API |
Out of scope
Out of Scope
The following issues are out of scope and not eligible for rewards.
For generic exclusions, see the Cantina Bug Bounty Out-of-Scope Policy.
- Social engineering and phishing
- Vulnerabilities in third-party software, platforms, dependencies, or infrastructure providers, unless the report shows a direct, exploitable impact caused by our implementation or configuration of that third party
- Physical security
- Previously reported or already known issues, including duplicate submissions, issues already reported by another researcher, findings previously identified in internal or external security reviews, and vulnerabilities already known to the team, unless the submission demonstrates materially new impact, reachability, or exploitability
- Issues requiring unauthorized access to secrets, keys, or credentials
- Best-practice recommendations without demonstrable impact
- Automated scanner output without validation
- Rate limiting and brute force without account compromise (do not perform high-volume testing)
- Account enumeration without impact
- Email configuration issues
- DNS, subdomain, and dangling record findings without takeover
- Blockchain risks outside of our control
- AI-generated or low-effort submissions
Default Out of Scope
Standard out-of-scope items per the Cantina Bug Bounty Out-of-Scope Policy.