Polymarket
Polymarket is a DeFi protocol deployed on polygon. Bug bounty program with rewards up to $1,000,000 for verified smart contract vulnerabilities.
MATICDeFiPoC RequiredTriaged
Verified ProgramKYC Not RequiredPoC RequiredPrimacy of ImpactTriaged
Max Bounty$1,000,000
Min Bounty$1,000
PayoutUSDC
Findings0
Accepted0
Chains1
TVL$383.7M
Live SinceApr 2024
01Severity & Rewards
02Program Rules
- 01Proof of Concept is required for all submissions. Reports without a working PoC demonstrating the vulnerability will not be considered.
- 02KYC is not required for this program. Pseudonymous submissions are accepted.
- 03This program follows Primacy of Impact โ valid findings are rewarded based on demonstrated impact regardless of whether the specific attack vector was previously known.
- 04Submissions are triaged by the security team. Expect initial response within 48 hours of submission.
- 05Only previously unreported vulnerabilities are eligible. Duplicate submissions will be closed.
- 06Vulnerabilities must be reported through the WhiteClaws platform. Public disclosure before resolution disqualifies the submission.
- 07Testing must not disrupt live protocol operations. Use mainnet forks or testnets for Proof of Concept execution.
- 08For Critical severity findings, the security team may arrange direct communication for expedited resolution.
โ IN SCOPE
- โCore protocol smart contracts
- โToken contracts (ERC-20, ERC-721, etc.)
- โAccess control and admin functions
- โProxy and upgrade patterns
- โIntegration and adapter contracts
โ OUT OF SCOPE
- โFrontend applications
- โOff-chain infrastructure
โ Protocol Information
Security Contacts
Bounty program indexed and verified by WhiteClawsProgram data sourced from on-chain analysis and public bounty disclosures.