Bug Bounty


🐛 Bug Bounty Program

Security researchers are essential to maintaining ZkStable’s integrity. We offer paid bounties for discovered vulnerabilities.

Reward Levels

| Severity | Example | Reward |
|----------|---------|--------|
| Critical | Mint without collateral, bypass proof | Up to $250,000 |
| High | Incorrect collateral accounting | $25,000–$100,000 |
| Medium | Denial-of-service vector | $5,000–$20,000 |
| Low | UI or SDK logic flaw | $500–$2,500 |

Eligible Targets

  • Smart contracts (BNB, Ethereum)

  • ZK verifier / circuit logic

  • Cross-chain relay system

  • SDK transaction signing implementation

Out of Scope

  • Third-party wallet apps

  • MEV extraction strategies

  • UI styling issues

How to Report

Send vulnerability reports to:

📩 [email protected]

Use PGP encryption for critical issues.

Researchers must:

  • Not publicly disclose before a fix is deployed

  • Provide a working proof-of-concept

  • Not exploit findings for financial gain
