Security Bounty Program

Help Us Secure the Future of Private Finance

We prioritize security alongside privacy and reward ethical hackers and researchers for identifying vulnerabilities in our protocol, ensuring a safer DeFi ecosystem.

Submit Vulnerability

Why Participate?

SECURITY_MODULE_CSE_001
Community Impact

Contribute To Safer DEFI

Your findings protect thousands of users and millions in on-chain assets, fostering trust in private finance.

Impact Assessment:
Classification: Community Impact
SECURITY_MODULE_ECR_002
Financial Reward

Earn Competitive Rewards

Eligible vulnerability reports earn rewards based on severity, from minor issues to critical exploits.

Impact Assessment:
Classification: Financial Reward
SECURITY_MODULE_TC_003
Professional Growth

Transparent Collaboration

Engage with clear guidelines and fair recognition, working alongside our expert team.

Impact Assessment:
Classification: Professional Growth
SECURITY_MODULE_CCT_004
Expert Access

Collaborate With Core Team

Work alongside experienced protocol developers, security researchers, and ZK cryptography experts.

Impact Assessment:
Classification: Expert Access
Participation Incentives: Maximum | Collaboration Mode: Active | Threat Level: Monitored

Scope Of Reports

We seek vulnerabilities that improve the security of:

Critical Priority
High Risk

Smart Contracts

Any bug or exploit in deployed contracts.

Vulnerability Types:
Reentrancy
Integer Overflow
Access Control
Logic Errors
High Priority
Medium Risk

Wallet SDK

Issues impacting privacy, integrity, or transaction flows.

Vulnerability Types:
Private Key Leak
Transaction Malleability
RPC Injection
Critical Priority
Critical Risk

Protocol Logic

Weaknesses in transaction shielding, unshielding, or zero-knowledge proof mechanisms.

Vulnerability Types:
ZK Proof Bypass
Privacy Leak
Double Spending
Medium Priority
Low Risk

Frontend Interfaces

Security flaws in user-facing wallets or portals.

Vulnerability Types:
XSS
CSRF
SESSION Hijack
Phishing Vectors
High Priority
High Risk

Compliance Features

Bypass or manipulation of viewing keys or proofs.

Vulnerability Types:
Key Exposure
Proof Manipulation
Audit Bypass

Out Of Scope Exclusions

Issues on test networks or expired deployments
Known vulnerabilities in third-party tools
Bugs that require unrealistic user behavior
UI/UX cosmetic issues without security impact
Exclusion Status: Strictly Enforced
Scope Analysis: Complete | Target Categories: 05/05 | Exclusions: Active

Bounty Rewards

Threat: Maximum
🟥

Critical

Up to $50,000+
Catastrophic system compromise
Examples:
Protocol Drain
Privacy Complete Bypass
Total System Compromise
Threat: Severe
🟧

High Impact

$10,000 – $25,000
Significant security breach
Examples:
Fund Theft
Privacy Leak
Authentication Bypass
Threat: Moderate
🟨

Medium Risk

$2,000 – $10,000
Moderate security impact
Examples:
DOS Attack
Minor Privacy Leak
Logic Error
Threat: Minimal
🟩

Low Risk

Up to $2,000
Minor security concern
Examples:
Info Disclosure
UI Confusion
Edge Case BUG

Exceptional Discovery Bonus

Higher payouts are possible for exceptionally impactful discoveries.

Maximum Payout: Uncapped
Payment System: Operational | Bounty Pool: $50,000+ | Processing Time: 7-14 Days

How To Submit?

Step 01

Review Security Guidelines

Analyze system architecture and security protocols

Step 02

Audit System Guidelines

Audit smart contracts, SDK, and app flows

Step 03

Submit Findings

Submit your findings via our secure Bug Report Form

Step 04

Collaborate Disclosure

Collaborate with our team for responsible disclosure

Transparency Commitment

Transparency PAC_001

Publicly Acknowledged Contributions

Rewarded reports are credited (optional) in our Security Hall of Fame.

Transparency PFD_002

Post Fix Disclosure

Resolved vulnerabilities are disclosed publicly after patching to uphold community trust.

Security Bounty Program: Active | Awaiting Submissions

Start Hunting
Start Earning

[EXECUTE MISSION] Passionate about privacy and security? Test our system, report responsibly, and earn rewards while making private DeFi safer for all.

View Code On Github