Balancer
Programmable liquidity protocol with weighted pools and flash loans
ETHARBMATICBaseOPDEXPoC Required
Verified ProgramKYC Not RequiredPoC Required
Max Bounty$1,000,000
Min Bounty$1,000
PayoutUSDC
Findings0
Accepted0
Chains5
Live SinceMay 2022
7 Audit Reports Available
2021-04-balancer-balancerv2-securityreview.pdfTrail of Bits
2021-042024-12-balancer-v3-securityreview.pdfTrail of Bits
2024-122025-10-10-cyfrin-suzaku-balancer-validator-v2.0.pdfCyfrin
2025-10Balancer-Spearbit-Security-Review-September-2024.pdfSpearbit
2024Sifchain_Balancer_Smart_Contract_Audit_Halborn_v1.pdfHalborn
Aave Balancer and Uniswap v2 Price ProvidersConsensys Diligence
2020-08Balancer FinanceConsensys Diligence
2020-0501Severity & Rewards
02Program Rules
- 01Proof of Concept is required for all submissions. Reports without a working PoC demonstrating the vulnerability will not be considered.
- 02KYC is not required for this program. Pseudonymous submissions are accepted.
- 03Only previously unreported vulnerabilities are eligible. Duplicate submissions will be closed.
- 04Vulnerabilities must be reported through the WhiteClaws platform. Public disclosure before resolution disqualifies the submission.
- 05Testing must not disrupt live protocol operations. Use mainnet forks or testnets for Proof of Concept execution.
- 06For Critical severity findings, the security team may arrange direct communication for expedited resolution.
โ IN SCOPE
- โBalancer Vault V2/V3
- โWeighted and stable pool contracts
- โFlash loan implementation
- โRate providers
CRITICAL FUNCTIONS
swap()joinPool()exitPool()HIGH FUNCTIONS
flashLoan()setSwapFeePercentage()managePoolBalance()โ OUT OF SCOPE
- โFrontend interface
- โveBAL governance
- โThird-party pool implementations
โ Protocol Information
Resources
Bounty program indexed and verified by WhiteClawsProgram data sourced from on-chain analysis and public bounty disclosures.