Bug Bounty
For security-related inquiries and vulnerability reports, please contact us at security@curve.finance.
We take security seriously and appreciate responsible disclosure.
Bug Bounty Payout
| Likelihood ↓ / Severity → | Low | Moderate | High |
|---|---|---|---|
| Almost Certain | $10,000 | $50,000 | $250,000 |
| Possible | $1,000 | $10,000 | $50,000 |
| Unlikely | $250 | $1,000 | $5,000 |
Scope
Issues which can lead to substantial loss of money, critical bugs like a broken liveness condition or irreversible loss of funds.
Disclosure Policy
- Let us know as soon as possible upon discovery of a potential security issue.
- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.
Exclusions
- Already known vulnerabilities.
- Vulnerabilities in front-end code not leading to smart contract vulnerabilities.
Eligibility
- You must be the first reporter of the vulnerability.
- You must be able to verify a signature from the same address.
- Provide enough information about the vulnerability.