Eulerswap introduces composable liquidity with lending-native yield mechanics, opening its infrastructure to researchers for deliberate, uncompromised testing. A smarter DEX with lending-boosted yield, deeper just-in-time liquidity, and native support for LP positions as collateral.# Euler CTF

Hack Euler. Keep the money.

Live Mainnet Testing

Starting June 2nd, Euler deployed new USDC/USDT swap contracts to Ethereum mainnet with $500,000 in real, onchain liquidity. This is not a simulation — it’s a live production test.

The objective is to exploit the contracts in scope and keep the funds, assuming:

  • Your activity goes through Cantina’s platform.
  • You’ve completed KYC.
  • You follow the defined scope and rules of engagement.

Exploits conducted outside the Cantina flow will be pursued by Euler.

Participation Requirements

  • Sign up at cantina.xyz and complete the KYC process.
  • Add your wallet address to your profile (Profile -> Edit Profile -> CTF Addresses).
  • Agree to the terms of participation to access the gated CTF environment.
  • The contracts are live on Ethereum mainnet, The addresses are within the Cantina repository here.
  • Submit any valid exploit (and supporting writeup) through Cantina’s interface with a link to the transaction (Etherscan or equivalent).
  • There is no judging. No severity debates. No PoCs. Just hacking.

Participants operating within this framework are eligible to retain recovered funds.

Scope

  • Any assets held by the Swap Account can be stolen if the swap is executed through a EulerSwap Operator contract deployed by the accepted EulerSwap Protocol factory.
  • Addressed are within this cantina repository readme.

What Makes This Different

Euler has already completed six audits. This CTF is a new layer of validation: transparent, high-stakes testing of live contracts — with real money, on mainnet.

If the contracts break, the researcher keeps the funds. If they hold, Euler proves their resilience.

There is no simulation, no delay, and no abstraction. This is protocol security tested under real-world conditions.

Resources

Out of scope

Summary

Status

Live

Total reward:

$500,000

Start date:

3 Jun 2025 4:00pm (local time)

End date:

10 Jun 2025 8:00pm (local time)

KYC

Required to join