Bug Bounty

Earn up to $2,000,000 USD by finding protocol, client and bugs affecting Cygus.

Overview

The Cygnus Bug Bounty Program is your opportunity to contribute to the security and resilience of one of the most innovative ecosystems in Web 3.0. By identifying and responsibly disclosing vulnerabilities, you can earn rewards of up to $2,000,000 USD while playing a pivotal role in safeguarding user trust and ecosystem integrity.Our program emphasizes the proactive prevention of critical security issues, such as:

  • Loss of User Funds: Protect the assets of Cygnus users from potential exploits or vulnerabilities.

  • Denial of Service (DoS): Mitigate risks that could disrupt protocol functionality or accessibility.

  • Governance Hijacks: Prevent unauthorized control or manipulation of governance mechanisms.

  • Data Breaches and Leaks: Secure sensitive information and prevent unauthorized data access or exposure.

Cygnus recognizes the vital contributions of ethical hackers and security researchers in maintaining the robustness of our protocol. This program isn’t just about discovering bugs—it’s about fostering collaboration with the brightest minds in cybersecurity to build a safer, more resilient ecosystem for everyone.Whether you’re an independent security expert, part of a professional team, or a passionate contributor, we welcome your expertise and encourage you to participate in making Cygnus stronger. Together, we can ensure a secure, transparent, and innovative future for Web 3.0.

Rewards

Rewards by Threat Level

Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.2. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains, encompassing everything from consequence of exploitation to privilege required to likelihood of a successful exploit.All web and app bugs must come with a PoC in order to be accepted. All web and app bug reports without a PoC will be rejected with a request for a PoC.Smart Contracts Rewards Breakdowns

  • Smart Contracts Critical:

    • Loss of user funds:

      • 1% of assets at risk, minimum 100,000 USD, maximum 2,000,000 USD

    • Loss of non-user funds (e.g. treasury):

      • 1% of assets at risk, minimum 50,000 USD , maximum 1,000,000 USD

  • Smart Contracts High:

    • 1% of assets at risk when attack persists for 1 month

      • minimum 20,000 USD, maximum of 400,000 USD

  • Smart Contracts Medium:

    • 1% of assets at risk when attack persists for 1 month

      • minimum 5,000 USD, maximum 100,000 USD

  • Smart Contracts Low:

    • 2,000 USD

Web/App Rewards Breakdowns

  • Web/App Critical:

    • 40,000 USD

  • Web/App High:

    • 7,500 USD

    • If attack can modify the transaction users approve so it sends funds to the wrong address: then this reward increases to a total of 40,000 USD

  • Web/App Medium:

    • 3,250 USD

  • Web/App Low:

    • 500 USD

Payouts are handled by the Cygnus team directly and are denominated in USD. Payouts can be done in ETH, USDT,USDC, or Cygnus, at the decision of the bug bounty hunter.

PreviousMini App for Cygnus StakingNextGrant Program

Last updated