Secure Your Code in Production with Cantina’s Bug Bounty Program
Leverage our network of 5,000+ security researchers to identify vulnerabilities before they become exploits, providing comprehensive protection for your code in production.
$25B+ Secured in TVL
4,474 Issues uncovered
4,762 Researchers onboarded
202 Projects secured
$16.1M Paid out to Researchers
$24M Available in bounties
Cantina's bug bounty program uses AI-powered quality assessment and de-duplication technology to eliminate spam and ensure your team only reviews legitimate, high-impact security findings.
Cantina is the home of the most talented researchers in the industry, all driven to help secure your code in production.
When you complete a security review, competition, and bug bounty program with Cantina, you automatically receive up to $300,000 in free coverage for the first 30 days after launch, with options to enhance your coverage for additional protection. For organizations that have not completed a full security review, competition, and bug bounty with us, additional options are also available as standalone services.
A bug bounty program rewards security researchers for identifying vulnerabilities in your live code. Cantina's bug bounty program connects you with 5,000+ vetted researchers who proactively test your application for security risks, helping you find and fix issues before they're exploited by blackhats.
Cantina uses AI-powered filtering and de-duplication to eliminate spam and low-value reports. Our system highlights valid, high-impact findings so your team can focus on what matters most: real vulnerabilities.
We support Web3 startups, DeFi protocols, and blockchain organizations of all sizes. Whether you're launching a new product or maintaining a mature codebase, Cantina's network can help secure your production environment.
Our researchers are verified based on expertise in areas like DeFi, smart contracts, blockchain protocols, and zero-knowledge systems. Many of them are top-ranked specialists with years of experience and proven track records.
We've secured over $25B in TVL, uncovered 4,474 issues, paid out $16.1M to researchers, and supported 200+ projects. Our growing bounty pool currently offers $24M in rewards.
We offer flexible pricing models:
Contact us to find the plan that best fits your team and security goals.
Yes. Projects that complete a full Cantina or Spearbit security review, competition, and bug bounty program are automatically eligible for up to $300,000 in complimentary bug bounty coverage during the first 30 days post-launch. This protects your protocol during its most vulnerable phase without additional cost.
If your project hasn't completed all three components, you can still purchase premium coverage separately. These enhanced options—offered in partnership with Nexus Mutual—include extended protection for both bug bounty payouts and protocol exploit events, giving your team long-term peace of mind no matter where you are in your security journey.
Coverage amounts are based on your Security Score, which evaluates review quality, severity of findings, scope duration, and more. Teams scoring above 90 qualify for the full $300,000, while those between 50–90 may receive up to $200,000.
Absolutely. Visit our Live Bounties page to explore active opportunities and see how other organizations are using Cantina to secure their code in production.
Programs can go live within a few days. Our team will guide you through scope definition, rules setup, and onboarding to ensure a smooth launch and immediate protection.
We combine deep Web3 security expertise, an elite research community, AI-driven triage, and optional post-review coverage—all focused on helping you ship with confidence and stay secure in production.