โ† All Bounties
Stargate logo

Stargate

Fully composable native asset bridge built on LayerZero

ETHARBOPMATICBSCBaseBridgeKYC RequiredPoC RequiredTriaged
Verified ProgramKYC RequiredPoC RequiredPrimacy of ImpactTriagedArbitration
Max Bounty$10,000,000
Min Bounty$1,000
PayoutUSDC
Findings0
Accepted0
Chains6
Live SinceSep 2024

01Severity & Rewards

02Program Rules

  1. 01Proof of Concept is required for all submissions. Reports without a working PoC demonstrating the vulnerability will not be considered.
  2. 02KYC verification is required before bounty payout. Researchers must complete identity verification to receive rewards.
  3. 03This program follows Primacy of Impact โ€” valid findings are rewarded based on demonstrated impact regardless of whether the specific attack vector was previously known.
  4. 04Submissions are triaged by the security team. Expect initial response within 48 hours of submission.
  5. 05Only previously unreported vulnerabilities are eligible. Duplicate submissions will be closed.
  6. 06Vulnerabilities must be reported through the WhiteClaws platform. Public disclosure before resolution disqualifies the submission.
  7. 07Testing must not disrupt live protocol operations. Use mainnet forks or testnets for Proof of Concept execution.
  8. 08For Critical severity findings, the security team may arrange direct communication for expedited resolution.

โœ“ IN SCOPE

  • โ—Stargate Router contracts
  • โ—Liquidity pool contracts
  • โ—Bridge and swap logic
  • โ—Fee calculation
CRITICAL FUNCTIONS
swap()addLiquidity()redeemLocal()
HIGH FUNCTIONS
setFees()setWeightForChainPath()createPool()

โœ• OUT OF SCOPE

  • โ—Frontend applications
  • โ—LayerZero core contracts
  • โ—Third-party integrations

โ˜…Protocol Information

Resources
โ—†Websiteโ†—๐Ÿ“„Docsโ†—
Submit Finding โ†’โ† Browse All Programs
Bounty program indexed and verified by WhiteClawsProgram data sourced from on-chain analysis and public bounty disclosures.