BitGo Bug Bounty

@bitgo
Status: Live

Maximum reward: $75,000

Severity   Max. reward
Critical   $75,000
High       $37,500
Medium     $2,500
Low        $1,500

No deposit required
Findings submitted: 22
Start date: 17 Mar 2026


In scope

Severity   Min and max reward
Critical   Up to $75,000
High       Up to $37,500
Medium     Up to $2,500
Low        $1,000 to $1,500

Solidity contract files in both repos, their deployment/integration logic, and contract-level flaws that could affect multisig wallet security, funds management, or permissions.

Contracts are for modern, Ethereum-compatible EVM chains.

If you discover a vulnerability in any component not explicitly listed but which poses a risk to user funds, user data, or system integrity, you may submit it for consideration. Our team will review such submissions on a case-by-case basis.

Special Focus Areas

The bounty will place particular emphasis on, but is not limited to:

  • Balancing bugs (fund accounting errors)
  • EVM opcode exploit vectors (e.g., call, delegatecall, staticcall, selfdestruct risks)
  • Arithmetic manipulation attacks (such as overflow/underflow or rounding issues leading to fund misallocation)
  • Transaction ordering and front-running issues
  • Signature-related vulnerabilities that directly impact funds or wallet control

Name             Description
eth-multisig-v4  BitGo ETH Multisig v4
eth-multisig-v2  BitGo ETH Multisig v2

Out of scope

The following issues are out of scope and not eligible for rewards under the bug bounty program.

Exceptions apply only if a submission includes a working on-chain proof-of-concept (PoC) that demonstrates real fund loss or unauthorized control on a supported chain deployment.

For generic exclusions, see the Cantina Bug Bounty Out-of-Scope Policy.

Out-of-Scope Chains for eth-multisig-v4

  • Ethereum Classic (ETC)
  • Celo
  • Avalanche C-Chain
  • Any legacy or non-standard EVM lacking full support for modern Ethereum-compatible opcode semantics (including chain-specific incompatibilities)

Design-Accepted & Trust Assumptions

The following are intentional design choices and are out of scope:

  • Centralization or privileged-role risks (e.g., owner-controlled functions in Batcher.sol)
  • Trust assumptions involving BitGo-operated multisignature ownership
  • Any report assuming malicious behavior by trusted owners, operators, or signers without an authorization bypass

Off-Chain-Enforced Validation

The following validations are enforced off-chain and intentionally omitted on-chain. Reports relying on bypassing these checks are out of scope:

  • Zero-address (address(0)) validation
  • Wallet signer uniqueness or signer array validation
  • Recovery wallet initialization correctness
  • Any issue depending on manipulation of BitGo internal systems, APIs, or operational processes

Explicitly Excluded Vulnerability Classes

  • Forced ETH deposits via SELFDESTRUCT: Reports demonstrating forced ETH transfers via SELFDESTRUCT and subsequent withdrawals, without an exploitable contract logic flaw enabling theft or privilege escalation.
  • Key reuse across multiple wallets: Issues related to the same address being reused as a signer across multiple wallets.

Informational & Non-Exploitable Issues

  • Gas optimizations
  • Coding style or readability issues
  • Best-practice recommendations without exploitability
  • Missing or additional event emissions
  • Monitoring, alerting, or observability gaps