
Beanstalk
Beanstalk is a DeFi protocol deployed on Ethereum. Its bug bounty program offers rewards of up to $1,100,000 for verified smart contract vulnerabilities.
ETH, DeFi, Verified Program, KYC Not Required, PoC Required
Max Bounty: $1,100,000
Min Bounty: $1,100
Payout: USDC
Findings: 0
Accepted: 0
Chains: 1
Live Since: Oct 2022
8 Audit Reports Available
- 2022-07-beanstalk-fixreview.pdf (Trail of Bits, 2022-07)
- 2022-07-beanstalk-securityreview.pdf (Trail of Bits, 2022-07)
- 2023-03-13-beanstalk_wells_v0.1.pdf (Cyfrin, 2023-03)
- 2023-06-16-cyfrin-beanstalk-wells.pdf (Cyfrin, 2023-06)
- 2023-09-12-cyfrin-beanstalk.pdf (Cyfrin, 2023-09)
- 2023-10-13-cyfrin-beanstalk-bip-38.pdf (Cyfrin, 2023-10)
- 2024-05-02-cyfrin-beanstalk-bip-39-v1-2.pdf (Cyfrin, 2024-05)
- Beanstalk_Smart_Contract_Security_Audit_Report_Halborn_Final.pdf (Halborn)
01 Severity & Rewards
02 Program Rules
- 01 Proof of Concept is required for all submissions. Reports without a working PoC demonstrating the vulnerability will not be considered.
- 02 KYC is not required for this program. Pseudonymous submissions are accepted.
- 03 Only previously unreported vulnerabilities are eligible. Duplicate submissions will be closed.
- 04 Vulnerabilities must be reported through the WhiteClaws platform. Public disclosure before resolution disqualifies the submission.
- 05 Testing must not disrupt live protocol operations. Use mainnet forks or testnets for Proof of Concept execution.
- 06 For Critical severity findings, the security team may arrange direct communication for expedited resolution.
IN SCOPE
- Core protocol smart contracts
- Token contracts (ERC-20, ERC-721, etc.)
- Access control and admin functions
- Proxy and upgrade patterns
- Integration and adapter contracts
OUT OF SCOPE
- Frontend applications
- Off-chain infrastructure
Protocol Information
Audited By
Immunefi
Bounty program indexed and verified by WhiteClaws. Program data sourced from on-chain analysis and public bounty disclosures.