Secure Your Code in Production with Cantina’s Bug Bounty Program

Leverage our network of 5,000+ security researchers to identify vulnerabilities before they become exploits, providing comprehensive protection for your code in production.


Advanced Bug Bounty Program with Intelligent Filtering

Cantina's bug bounty program uses AI-powered quality assessment and de-duplication technology to eliminate spam and ensure your team only reviews legitimate, high-impact security findings.


Pricing Options To Suit Your Organization's Needs

Flat percentage fee on bounties paid out

Fixed yearly fee with triaging support

Monthly subscription with triaging support

Pricing Options

Free plan

$0
  • Set up your own bounty
  • Up to 100 finding submissions
  • $50k reward limit
  • Self-served triage
  • Reporting and analytics
  • Email notifications

Gold plan

Get started with 3 free months
  • Set up your own bounty
  • Unlimited finding submissions
  • $250k reward limit
  • Self-served triage
  • Reporting and analytics
  • Email + 1 custom notification

Enterprise plan

Custom pricing
  • Full service setup
  • Unlimited finding submissions
  • Unlimited rewards
  • Managed triage
  • Reporting and analytics
  • Notifications with 30+ destinations (including email)

Deploy Thousands Of The Best Security Researchers

Cantina is the home of the most talented researchers in the industry, all driven to help secure your code in production.

Bug Bounty Cover

When you complete a security review, competition, and bug bounty program with Cantina, you automatically receive up to $300,000 in free coverage for the first 30 days after launch, with options to enhance your coverage for additional protection. For organizations that have not completed a full security review, competition, and bug bounty with us, additional options are also available as standalone services.


Frequently Asked Questions

What is a bug bounty program, and how does Cantina's work?

A bug bounty program rewards security researchers for identifying vulnerabilities in your live code. Cantina's bug bounty program connects you with 5,000+ vetted researchers who proactively test your application for security risks, helping you find and fix issues before they're exploited by blackhats.

How does Cantina ensure high-quality security findings?

Cantina uses AI-powered filtering and de-duplication to eliminate spam and low-value reports. Our system highlights valid, high-impact findings so your team can focus on what matters most: real vulnerabilities.

What types of organizations use Cantina's bug bounty program?

We support Web3 startups, DeFi protocols, and blockchain organizations of all sizes. Whether you're launching a new product or maintaining a mature codebase, Cantina's network can help secure your production environment.

How are researchers selected or verified?

Our researchers are verified based on expertise in areas like DeFi, smart contracts, blockchain protocols, and zero-knowledge systems. Many of them are top-ranked specialists with years of experience and proven track records.

What results has Cantina delivered so far?

We've secured over $25B in TVL, uncovered 4,474 issues, paid out $16.1M to researchers, and supported 200+ projects. Our growing bounty pool currently offers $24M in rewards.

How much does it cost to run a bug bounty with Cantina?

We offer flexible pricing models:

  • Flat percentage on bounties paid out
  • Fixed annual fee with triaging support
  • Monthly subscriptions with triaging support

Contact us to find the plan that best fits your team and security goals.

Is there any insurance or coverage included?

Yes. Projects that complete a full Cantina or Spearbit security review, competition, and bug bounty program are automatically eligible for up to $300,000 in complimentary bug bounty coverage during the first 30 days post-launch. This protects your protocol during its most vulnerable phase without additional cost.

If your project hasn't completed all three components, you can still purchase premium coverage separately. These enhanced options—offered in partnership with Nexus Mutual—include extended protection for both bug bounty payouts and protocol exploit events, giving your team long-term peace of mind no matter where you are in your security journey.

Coverage amounts are based on your Security Score, which evaluates review quality, severity of findings, scope duration, and more. Teams scoring above 90 qualify for the full $300,000, while those between 50–90 may receive up to $200,000.

Can I browse current live bounties?

Absolutely. Visit our Live Bounties page to explore active opportunities and see how other organizations are using Cantina to secure their code in production.

How quickly can I launch a bug bounty with Cantina?

Programs can go live within a few days. Our team will guide you through scope definition, rules setup, and onboarding to ensure a smooth launch and immediate protection.

What makes Cantina different from other bug bounty platforms?

We combine deep Web3 security expertise, an elite research community, AI-driven triage, and optional post-review coverage—all focused on helping you ship with confidence and stay secure in production.
