
ZKsync Lite
ZKsync Lite is a Layer 2 protocol deployed on Ethereum. Bug bounty program with rewards up to $2,300,000 for verified smart contract vulnerabilities.
ETH | Layer 2 | Verified Program | KYC Required | PoC Required
Max Bounty: $2,300,000
Min Bounty: $2,300
Payout: USDC
Findings: 0
Accepted: 0
Chains: 1
Live Since: Mar 2022
10 Audit Reports Available
Audits: External
- MatterLabs_zkSync_Era_Circuits_Zero_Knowledge_Security_Audit_Report_Halborn_Final..pdf (Halborn)
- 2022-10-zksync-findings (Code4rena, 2022-10)
- 2023-03-zksync-findings (Code4rena, 2023-03)
- 2023-10-zksync-findings (Code4rena, 2023-10)
- 2024-03-zksync-findings (Code4rena, 2024-03)
- zkSync (Hacken)
- Hexens
01 Severity & Rewards
02 Program Rules
- 01 Proof of Concept is required for all submissions. Reports without a working PoC demonstrating the vulnerability will not be considered.
- 02 KYC verification is required before bounty payout. Researchers must complete identity verification to receive rewards.
- 03 Only previously unreported vulnerabilities are eligible. Duplicate submissions will be closed.
- 04 Vulnerabilities must be reported through the WhiteClaws platform. Public disclosure before resolution disqualifies the submission.
- 05 Testing must not disrupt live protocol operations. Use mainnet forks or testnets for Proof of Concept execution.
- 06 For Critical severity findings, the security team may arrange direct communication for expedited resolution.
IN SCOPE
- Consensus and block production contracts
- Bridge contracts between L1 and L2
- Sequencer and validator logic
- State commitment and fraud proof mechanism
- Token contracts and precompiles
OUT OF SCOPE
- Frontend applications
- Off-chain infrastructure
Protocol Information
Resources
Security Contacts
Bounty program indexed and verified by WhiteClaws. Program data sourced from on-chain analysis and public bounty disclosures.