Circuit

Circuit

@circuitdao
Live

Maximum reward

$20,000

Severity

Max. Reward

Critical

$20,000

High

$10,000

Medium

$2,000

No deposit required

Findings submitted

73

Start date

5 Nov 2025

Please sign in as a researcher to join the bounty.

Log in
InstructionsScope

In scope

Core ContractsOther In-Scope Assets

Severity

Min and Max Reward

Critical

Up to $20,000

High

Up to $10,000

Medium

Up to $2,000

LowDiscretionary
InformationalDiscretionary

Core contracts and type of files in scope.

If you discover a vulnerability in any component that is not explicitly listed but poses a risk to user funds, user data, or the integrity of the system, you may submit it for consideration. The team will review such submissions on a case-by-case basis.

Note: Actual reward amounts are determined at Voltage Technologies’s sole discretion. Factors influencing payout include quality of report, completeness, and the severity and exploitability of the vulnerability.

Name
Description
Asset
Core Contracts

a78e…c7bf

Out of scope

  • Expected behaviors such as trusted/untrusted roles and/or any accepted risks:
    • Data provider collusion
    • The majority of governance token holders colluding
  • Issues identified in previous security reviews (incl Cantina audit competition) that the team decided not to fix or address (usually because they were of low or informational severity). Note however that fixes to issues identified in previous security reviews are in-scope, i.e. fixes that did not eliminate the vulnerability or introduced a new one.
  • Web Interface / Application:
    • https://circuitdao.com
    • The app connects to a deployment of the protocol on Chia testnet11. The puzzles deployed are those of commit ID 1f2bf0396a5a1d538f9a5fccbcfc11cdacce8293. The app only exposes a subset of protocol operations. The full set of operations is accessible via the CLI: https://github.com/circuitdao/circuit-cli

Default Out of Scope: