Kuru Bug Bounty

@kurulabs
Live

Maximum reward

$50,000

Severity and maximum reward

Critical: $50,000
High: $25,000
Medium: $5,000

No deposit required

Findings submitted

102

Start date

24 Nov 2025

In scope

Severity and reward range

Critical: Up to $50,000
High: Up to $25,000
Medium: Up to $5,000
Low: Discretionary

Specific Kuru Active Vault contract source files and repository paths that are in scope.

Assets in scope (name and description)

Vault: Vault.sol source file for Kuru Active Vaults, included in scope.

LiquidityShares: LiquidityShares.sol library source file for Kuru Active Vaults, included in scope.

Out of scope

  • Vault DOS with low liquidity

    • The vault can be DOSed at very low liquidity, where it becomes infeasible to place taker orders or to place liquidity at a desired price.
    • This is a known and accepted issue: at low available sizes, the orderbook stops routing through the AMM vault.
    • The market deployer is responsible for setting the initial liquidity and should be aware of this limitation.
  • Issues from badly set market parameters

    • Issues arising from badly set market parameters are not in scope. The market deployer is responsible for choosing appropriate parameters, since they are difficult to set without price information.
  • Market DOS by bypassing minimum order size through flip orders

    • A market can be temporarily DOSed by bypassing the minimum order size through the filling of flip orders.
    • However, this is difficult to perform in an actively trading market and requires a large amount of funds to be locked up.
    • This issue is therefore out of scope.
  • Price oracle related issues in KuruForwarder

    • The price-dependent requests in KuruForwarder do a direct check on the market price instead of relying on a TWAP oracle.
    • This is known and accepted: the responsibility for fulfilling EIP-712 requests lies with the user or a customized relayer. Similarly, the kind of price comparisons made in the price-dependent requests are intentional.