Overview
Centuari operates a bug bounty program to incentivize responsible disclosure of security vulnerabilities.
Rewards
| Severity | Reward |
|---|---|
| Critical | Up to $100,000 |
| High | Up to $25,000 |
| Medium | Up to $5,000 |
| Low | Up to $1,000 |
Scope
In Scope
✅ Smart contracts on mainnet and testnet:
- OrderBook.sol
- CBTFactory.sol
- CollateralManager.sol
- VaultFactory.sol
- Vault.sol
- YieldRouter.sol
- Price manipulation
- Flash loan exploits
- Liquidation manipulation
Out of Scope
❌ Frontend/website vulnerabilities
❌ Third-party integrations
❌ Already reported issues
❌ Theoretical attacks without proof
Severity Guidelines
Critical
- Direct theft of user funds
- Permanent freezing of funds
- Protocol insolvency
High
- Temporary freezing of funds
- Theft requiring specific conditions
- Governance manipulation
Medium
- Griefing attacks (no direct theft)
- Gas optimization failures
- Minor access control issues
Low
- Best practice violations
- Informational findings
How to Report
Document
Create a detailed writeup with:
- Description
- Impact assessment
- Proof of concept
- Suggested fix (optional)
Submit
Email [email protected] or submit via Immunefi
Rules
Do
✅ Report promptly after discovery
✅ Give us reasonable time to fix
✅ Provide clear reproduction steps
✅ Keep findings confidential
Don’t
❌ Exploit vulnerabilities beyond proof of concept
❌ Access other users’ data
❌ Disclose before fix is deployed
❌ Use automated scanners without permission
Legal
Good faith security research is protected. We will not pursue legal action against researchers who:
- Follow responsible disclosure
- Don’t exploit for personal gain
- Don’t access user data
- Comply with program rules
Contact
- Email: [email protected]
- Immunefi: immunefi.com/bounty/centuari
- PGP Key: Available on request
Submit on Immunefi
Report vulnerabilities through Immunefi