Euler / eulerswap-ctf
Eulerswap introduces composable liquidity with lending-native yield mechanics, opening its infrastructure to researchers for deliberate, uncompromised testing. A smarter DEX with lending-boosted yield, deeper just-in-time liquidity, and native support for LP positions as collateral.# Euler CTF
Hack Euler. Keep the money.
Live Mainnet Testing
Starting June 2nd, Euler deployed new USDC/USDT swap contracts to Ethereum mainnet with $500,000 in real, onchain liquidity. This is not a simulation — it’s a live production test.
The objective is to exploit the contracts in scope and keep the funds, assuming:
- Your activity goes through Cantina’s platform.
- You’ve completed KYC.
- You follow the defined scope and rules of engagement.
Exploits conducted outside the Cantina flow will be pursued by Euler.
Participation Requirements
- Sign up at cantina.xyz and complete the KYC process.
- Add your wallet address to your profile (Profile -> Edit Profile -> CTF Addresses).
- Agree to the terms of participation to access the gated CTF environment.
- The contracts are live on Ethereum mainnet, The addresses are within the Cantina repository here.
- Submit any valid exploit (and supporting writeup) through Cantina’s interface with a link to the transaction (Etherscan or equivalent).
- There is no judging. No severity debates. No PoCs. Just hacking.
Participants operating within this framework are eligible to retain recovered funds.
Scope
- Any assets held by the Swap Account can be stolen if the swap is executed through a EulerSwap Operator contract deployed by the accepted EulerSwap Protocol factory.
- Addressed are within this cantina repository readme.
What Makes This Different
Euler has already completed six audits. This CTF is a new layer of validation: transparent, high-stakes testing of live contracts — with real money, on mainnet.
If the contracts break, the researcher keeps the funds. If they hold, Euler proves their resilience.
There is no simulation, no delay, and no abstraction. This is protocol security tested under real-world conditions.
Resources
Out of scope
- Other Euler smart contracts. Any other contract that is currently in scope of the Cantina Euler Bug Bounty is considered strictly out of scope and must be reported via the Cantina Euler Bug Bounty Program.
Summary
Status
LiveTotal reward:
$500,000
Start date:
3 Jun 2025 4:00pm (local time)
End date:
10 Jun 2025 8:00pm (local time)
KYC
Required to join