Concrete

@concretefinance
Live

Maximum reward: $250,000

Severity and Max. Reward:

  • Critical: $250,000
  • High: $100,000

No deposit required

Findings submitted: 162

Start date: 5 Nov 2025

KYC: Required to join

In scope

Severity and Min and Max Reward:

  • Critical: Up to $20,000
  • High: Up to $5,000

The public web application and frontend interfaces for user interactions with the protocol.

If you discover a vulnerability in any component not explicitly listed but which poses a risk to user funds, user data, or system integrity, you may submit it for consideration. Our team will review such submissions on a case-by-case basis.

Rewards will be further capped at 10% of direct funds at risk at the time of reporting the bug. Funds at risk are defined as funds at risk of being stolen to an EOA not controlled by the protocol, or permanently locked and unrecoverable due to smart contract failure caused by griefing. The amount is calculated based on a snapshot at the report timestamp.

Note: Actual reward amounts are determined at Concrete’s sole discretion. Factors influencing payout include report quality, completeness, and severity/exploitability.

Asset:

  • Name: Concrete Earn App
  • Description: Public frontend application for Concrete Earn.

Out of scope

The following targets are excluded from this bug bounty program:

  • Attacks resulting from privileged roles becoming compromised.
  • Third-party libraries (e.g. OpenZeppelin, LayerZero). However, upstream bugs that directly impact user funds in our protocol are in scope, as is the correctness of the integration with the library.
  • Deployed non-production contracts.
  • Non-standard assets (e.g. non-transferable, soul-bound, ERC-777, or inflationary/deflationary assets).
  • Gas optimizations and best practices.
  • Backend and any attack vectors involving privileged roles becoming compromised.
  • Deployment scripts and test code.