Ammalgam Bug Bounty

Ammalgam Bug Bounty

@ammalgam
Live

Maximum reward

$25,000

Severity

Max. Reward

Critical

$25,000

High

$10,000

Deposit required

$50

Findings submitted

12

Start date

9 Jul 2026

Please sign in as a researcher to join the bounty.

Log in

In scope

Severity

Min and Max Reward

Critical

Up to $25,000


High

Up to $10,000

The Ammalgam DLEX core protocol smart contracts, deployed on Ethereum mainnet. All contract-level vulnerabilities in the deployed contracts listed below are in scope.

Name
Description
Asset
Interest

Ammalgam DLEX contract deployed on Ethereum mainnet.

Validation

Ammalgam DLEX contract deployed on Ethereum mainnet.

Liquidation

Ammalgam DLEX contract deployed on Ethereum mainnet.

TimelockController

Ammalgam DLEX contract deployed on Ethereum mainnet.

SaturationAndGeometricTWAPState

Ammalgam DLEX contract deployed on Ethereum mainnet.

TransparentUpgradeableProxy

Ammalgam DLEX contract deployed on Ethereum mainnet.

AmmalgamPair

Ammalgam DLEX contract deployed on Ethereum mainnet.

PairLockedLoans

Ammalgam DLEX contract deployed on Ethereum mainnet.

PairBlockLendingFundRemoval

Ammalgam DLEX contract deployed on Ethereum mainnet.

PairFrozen

Ammalgam DLEX contract deployed on Ethereum mainnet.

BeaconController

Ammalgam DLEX contract deployed on Ethereum mainnet.

HookRegistry

Ammalgam DLEX contract deployed on Ethereum mainnet.

ERC20LiquidityTokenFactory

Ammalgam DLEX contract deployed on Ethereum mainnet.

ERC4626DepositTokenFactory

Ammalgam DLEX contract deployed on Ethereum mainnet.

ERC4626DebtTokenFactory

Ammalgam DLEX contract deployed on Ethereum mainnet.

ERC20DebtLiquidityTokenFactory

Ammalgam DLEX contract deployed on Ethereum mainnet.

AmmalgamFactory

Ammalgam DLEX contract deployed on Ethereum mainnet.

PeripheralLending

Ammalgam DLEX contract deployed on Ethereum mainnet.

Out of scope

Out of Scope

The following are considered known issues and are not eligible for rewards. For generic exclusions, see the Cantina Bug Bounty Out-of-Scope Policy.

  • Any issue that does not result in an on-chain loss of funds
  • Informational findings and design choices related to the protocol
  • Issues that are ultimately user errors and can easily be caught in the frontend (for example, transfers to address(0))
  • Rounding errors and off-by-one behavior in the ERC-4626 helper interfaces that do not result in a loss of funds
  • Relatively high gas consumption
  • Loss of funds resulting from violent market price movements, specifically any price increase greater than 33% or price decrease greater than 25% within a single block or 8-second period

Default Out of Scope

Standard out-of-scope items per the Cantina Bug Bounty Out-of-Scope Policy.