โ All Bounties
CoW Protocol
MEV-protected trading protocol using batch auctions for optimal execution
ETHARBBaseDEXPoC Required
Max Bounty$1,000,000
Min Bounty$1,000
PayoutUSDC
Findings0
Accepted0
Chains3
Live SinceJun 2021
01Severity & Rewards
02Program Rules
- 01Proof of Concept is required for all submissions. Reports without a working PoC demonstrating the vulnerability will not be considered.
- 02KYC is not required for this program. Pseudonymous submissions are accepted.
- 03Only previously unreported vulnerabilities are eligible. Duplicate submissions will be closed.
- 04Vulnerabilities must be reported through the WhiteClaws platform. Public disclosure before resolution disqualifies the submission.
- 05Testing must not disrupt live protocol operations. Use mainnet forks or testnets for Proof of Concept execution.
- 06For Critical severity findings, the security team may arrange direct communication for expedited resolution.
โ IN SCOPE
- โSettlement contract
- โOrder signing and validation
- โBatch auction logic
- โProgrammatic order framework
CRITICAL FUNCTIONS
HIGH FUNCTIONS
โ OUT OF SCOPE
- โFrontend interface
- โOff-chain solver infrastructure
- โCoW AMM pools
โ Protocol Information
Resources
Security Contacts