Launch and Scale DeFi Securely with Cantina’s Bug Bounty Program

DeFi protocols are high-value targets—and every deployed contract is a potential entry point. Cantina’s bug bounty platform helps DeFi teams crowdsource security across lending pools, AMMs, oracles, and governance modules, surfacing vulnerabilities that traditional audits may miss.


Spam and Low-Quality Submission Protection

AI-Powered Triaging, Built for DeFi

We understand that spam and low-quality submissions are a major pain point for organizations running bug bounty programs on other platforms. At Cantina, we address this challenge with a two-pronged approach:

  • Expert Triagers: Our dedicated team of experienced triagers reviews incoming vulnerability reports to ensure that only legitimate, high-quality findings reach your team. This human layer of review is especially valuable for filtering out spam, duplicates, and low-effort submissions, allowing you to focus on real security issues.
  • AI-Powered Quality Assessment: Cantina’s platform incorporates advanced AI technology for quality assessment and de-duplication. This intelligent filtering system automatically flags potential spam and low-value reports, further reducing noise and ensuring your team only spends time on actionable findings.

By combining skilled human triagers with automated filtering, Cantina delivers a streamlined, high-signal bug bounty experience—helping you avoid the frustration of spam and low-quality findings common on other platforms.


Pricing Options To Suit Your Organization's Needs

Flat percentage fee on bounties paid out

Fixed yearly fee with triaging support

Monthly subscription with triaging support

Pricing Options

Free plan

$0
  • Set up your own bounty
  • Up to 100 finding submissions
  • $50k reward limit
  • Self-served triage
  • Reporting and analytics
  • Email notifications

Gold plan

Get started with 3 free months
  • Set up your own bounty
  • Unlimited finding submissions
  • $250k reward limit
  • Self-served triage
  • Reporting and analytics
  • Email + 1 custom notification

Enterprise plan

Custom pricing
  • Full service setup
  • Unlimited finding submissions
  • Unlimited rewards
  • Managed triage
  • Reporting and analytics
  • Notifications with 30+ destinations (including email)

Deploy Thousands Of The Best Security Researchers

Cantina is the home of the most talented researchers in the industry, all driven to help secure your code in production.

Bug Bounty Cover

When you complete a security review, competition, and bug bounty program with Cantina, you automatically receive up to $300,000 in free coverage for the first 30 days after launch, with options to enhance your coverage for additional protection. For organizations that have not completed a full security review, competition, and bug bounty with us, additional options are also available as standalone services.


FAQ

What kinds of DeFi protocols use Cantina’s bounty platform?

We support lending markets, AMMs, yield strategies, stablecoins, governance frameworks, and permissionless pools—both on Ethereum and L2 ecosystems.

What types of bugs are commonly found in DeFi bounties?

We often catch price oracle manipulation, precision rounding errors, fee misrouting, flash loan exploits, and unintended protocol behavior under economic stress.

How does Cantina maintain quality in DeFi-focused reports?

Our triaging engine uses DeFi-specific heuristics to auto-dismiss invalid submissions. Reports from vetted researchers go through an expert layer of protocol-aware triage.

Can I launch a bounty alongside ongoing protocol upgrades?

Yes. Many DeFi teams run bounties continuously across contracts, modules, or vaults—especially when rolling out new mechanics or adjusting parameters.

Do bounties support testnet or staging environments?

Absolutely. You can scope bounties for testnets with mock liquidity or economic simulations to help catch logic flaws before hitting mainnet.

Can we integrate bounties with token incentives or DAO proposals?

Yes. Cantina helps align bounty rewards with your governance flows, treasury strategies, and contributor incentive models.

What experience does Cantina have with DeFi security?

We’ve supported protocols like Morpho, Sushi, and Polynomial with reviews and bounty coordination across billions in TVL.
