Balancer
Bug Bounty

Overview

Balancer has completed smart contract audits with Trail of Bits and OpenZeppelin. We will also run a continuous bug bounty program for the bronze release of Balancer core.

Scope

The bug bounty covers any of the core smart contracts deployed on Mainnet. The code can be found at: https://github.com/balancer-labs/balancer-core
Additional second-layer contracts, such as the exchange proxy or individual smart pool contracts, may be added at a later date.

Rewards

The bounty program will pay out rewards according to the severity of a vulnerability. The final reward amount is at the sole discretion of Balancer Labs. See the eligibility section below for more details.

| Reward | Severity | Examples |
| --- | --- | --- |
| $20,000 - $50,000 | Critical | Stealing assets from a pool; permanently freezing pool assets |
| $10,000 - $20,000 | High | Severe rounding errors where an attacker can steal significant funds in excess of any gas costs or swap fees; manipulating a finalized pool's assets / weights / fees |
| $2,000 - $5,000 | Medium | Minor rounding errors that allow an attacker to slowly manipulate funds to their advantage |
| $0 - $2,000 | Low | Informational and code quality based disclosures |

Reporting / Disclosures

Please report any findings to [email protected], with full details about any vulnerability and steps / code to reproduce. Allow us time to review and remediate any findings before public disclosure.

Ineligible Findings

    Duplicate vulnerabilities. Only the first reporter will be rewarded.
    Findings already known as part of a formal audit.
    Findings related to non-standard ERC20 tokens might be ineligible, since many vulnerabilities could be inserted into a non-standard ERC20 token on purpose in order to apply for this bug bounty.
Last modified 5mo ago