โ† All Bounties
Wormhole logo

Wormhole

Generic cross-chain message passing protocol connecting multiple blockchains

ETHSOLBSCMATICARBOPBaseBridgeKYC RequiredPoC Required
Verified ProgramKYC RequiredPoC Required
Max Bounty$5,000,000
Min Bounty$1,000
PayoutUSDC
Findings0
Accepted0
Chains7
Live SinceFeb 2022

01Severity & Rewards

02Program Rules

  1. 01Proof of Concept is required for all submissions. Reports without a working PoC demonstrating the vulnerability will not be considered.
  2. 02KYC verification is required before bounty payout. Researchers must complete identity verification to receive rewards.
  3. 03Only previously unreported vulnerabilities are eligible. Duplicate submissions will be closed.
  4. 04Vulnerabilities must be reported through the WhiteClaws platform. Public disclosure before resolution disqualifies the submission.
  5. 05Testing must not disrupt live protocol operations. Use mainnet forks or testnets for Proof of Concept execution.
  6. 06For Critical severity findings, the security team may arrange direct communication for expedited resolution.

โœ“ IN SCOPE

  • โ—Core bridge contracts
  • โ—Guardian verification
  • โ—Token bridge
  • โ—VAA parsing and validation
CRITICAL FUNCTIONS
publishMessage()parseAndVerifyVM()completeTransfer()
HIGH FUNCTIONS
submitContractUpgrade()registerChain()updateGuardianSet()

โœ• OUT OF SCOPE

  • โ—Frontend portal
  • โ—Off-chain guardian nodes
  • โ—Third-party relayers

โ˜…Protocol Information

Bounty program indexed and verified by WhiteClawsProgram data sourced from on-chain analysis and public bounty disclosures.