Ammalgam Bug Bounty
Maximum reward
$25,000
Severity
Max. Reward
Critical$25,000
High$10,000
Deposit required
$50
Findings submitted
12
Start date
9 Jul 2026
Please sign in as a researcher to join the bounty.
Log inIn scope
Severity
Min and Max Reward
CriticalUp to $25,000
High
Up to $10,000
The Ammalgam DLEX core protocol smart contracts, deployed on Ethereum mainnet. All contract-level vulnerabilities in the deployed contracts listed below are in scope.
Name | Description | Asset |
|---|---|---|
| Interest | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| Validation | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| Liquidation | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| TimelockController | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| SaturationAndGeometricTWAPState | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| TransparentUpgradeableProxy | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| AmmalgamPair | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| PairLockedLoans | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| PairBlockLendingFundRemoval | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| PairFrozen | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| BeaconController | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| HookRegistry | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| ERC20LiquidityTokenFactory | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| ERC4626DepositTokenFactory | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| ERC4626DebtTokenFactory | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| ERC20DebtLiquidityTokenFactory | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| AmmalgamFactory | Ammalgam DLEX contract deployed on Ethereum mainnet. | |
| PeripheralLending | Ammalgam DLEX contract deployed on Ethereum mainnet. |
Out of scope
Out of Scope
The following are considered known issues and are not eligible for rewards. For generic exclusions, see the Cantina Bug Bounty Out-of-Scope Policy.
- Any issue that does not result in an on-chain loss of funds
- Informational findings and design choices related to the protocol
- Issues that are ultimately user errors and can easily be caught in the frontend (for example, transfers to
address(0)) - Rounding errors and off-by-one behavior in the ERC-4626 helper interfaces that do not result in a loss of funds
- Relatively high gas consumption
- Loss of funds resulting from violent market price movements, specifically any price increase greater than 33% or price decrease greater than 25% within a single block or 8-second period
Default Out of Scope
Standard out-of-scope items per the Cantina Bug Bounty Out-of-Scope Policy.