pump.fun / PumpSwap
Pump allows anyone to create coins. All coins created on Pump are fair-launch, meaning everyone has equal access to buy and sell when the coin is first created.
This competition covers 2 codebases. One is the Pump bonding curve program, which facilitates coin launching and provides a bonding curve on which coins can trade. The bonding curve uses the constant product design. The other codebase is the Pump Swap contracts, which facilitate liquidity provisioning and trading, using a constant product formula to determine the price and LP tokens to represent liquidity positions.
Instructions to Join:
- If you are interested in participating in this competition, please fill out the form below.
- If you qualify, you will receive an email with instructions to sign an NDA.
- Only after signing the NDA and completing KYC on the Cantina platform will you be able to participate in the competition.
- Please note that participant selection is at the sole discretion of Cantina and the Pump.fun team.
Prize distribution and scoring
- Total Prize Pool: $2,010,000
- Primary Prize Pool: $2,005,000
- The prize distribution has 3 possible triggers:
  - If one or more valid medium severity findings are found, the total pot size is $10,000
  - If one or more valid high severity findings are found, the total pot size is $500,000
  - If one or more valid critical severity findings are found, the total pot size is $2,010,000
- $5,000 of the prize pot is reserved for Low Severity findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation.
  - 1st-5th: $1k each
Severity definition:
Risk Classification Matrix
Please note that the competition has an additional Critical severity. A Critical Severity finding is worth 20 points.
Severity level | Impact: High | Impact: Medium | Impact: Low |
---|---|---|---|
Likelihood: High | Critical/High (Conditional) | High | Medium |
Likelihood: Medium | High | Medium | Low |
Likelihood: Low | Medium | Low | Informational |
Critical severity:
- If an attack can result in a loss of more than 50% of the TVL, then it can be considered a critical severity finding.
- Please note that, for a finding to be considered Critical, there must be sufficient information and an undeniable proof of concept that makes the loss amount easily verifiable, with absolutely no ambiguity.
- Scoring is described on the competition scoring page.
- Finding severities are described in detail on our docs page.
Documentation
- Pump Solana Contract Walkthrough
- Pump AMM Walkthrough

This can be shown from the code view on the top right in the file, or through the comments tab.
Scope
- Repository: pumpswap-monorepo
- Files: All files in
  - pump-contracts-solana/programs/pump/src
  - pump-amm-2/programs/pump-amm/src
Build Instructions
- Please refer to the README within each of the repositories.
POC Rule
- This competition has a mandatory POC rule. All Critical and High severity submissions must have a POC.
- Both repositories have an extensive test suite based on SolanaProgramTest. Any of those tests can be used as an example test for any POC.
  - pump-contracts-solana/programs/pump/tests
  - pump-amm-2/programs/pump-amm/tests/testsuite
Out of scope
- Any issues reported in the audits from the following directories will not be considered valid:
  - pump-contracts-solana/audits
  - pump-amm-2/audits
Contact Us
For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.
Summary
- Status: Completed
- Total reward: $2,010,000
- Findings submitted: 185
- Start date: 21 Mar 2025 8:00pm (local time)
- End date: 4 Apr 2025 8:00pm (local time)