
Chainlink
Decentralized oracle network providing tamper-proof data feeds for smart contracts
ETH | ARB | OP | MATIC | BSC | Base | Infrastructure
Verified Program | KYC Required | PoC Required | Primacy of Impact
Max Bounty: $3,000,000
Min Bounty: $1,000
Payout: USDC
Findings: 0
Accepted: 0
Chains: 6
Live Since: May 2021
1 Audit Report Available
01 Severity & Rewards
02 Program Rules
- 01 Proof of Concept is required for all submissions. Reports without a working PoC demonstrating the vulnerability will not be considered.
- 02 KYC verification is required before bounty payout. Researchers must complete identity verification to receive rewards.
- 03 This program follows Primacy of Impact: valid findings are rewarded based on demonstrated impact regardless of whether the specific attack vector was previously known.
- 04 Only previously unreported vulnerabilities are eligible. Duplicate submissions will be closed.
- 05 Vulnerabilities must be reported through the WhiteClaws platform. Public disclosure before resolution disqualifies the submission.
- 06 Testing must not disrupt live protocol operations. Use mainnet forks or testnets for Proof of Concept execution.
- 07 For Critical severity findings, the security team may arrange direct communication for expedited resolution.
IN SCOPE
- Price feed aggregator contracts
- CCIP cross-chain protocol
- VRF v2 contracts
- Automation (Keepers) contracts
CRITICAL FUNCTIONS
- transmit()
- latestRoundData()
- ccipSend()
HIGH FUNCTIONS
- requestRandomWords()
- performUpkeep()
- setConfig()
OUT OF SCOPE
- Frontend applications
- Off-chain node software
- Third-party oracle consumers
Protocol Information
Audited By
Cyfrin
Immunefi
Security Contacts
Bounty program indexed and verified by WhiteClaws. Program data sourced from on-chain analysis and public bounty disclosures.