Bug Bounty
Last updated
Last updated
Earn up to $2,000,000 USD by finding protocol, client and bugs affecting Cygus.
The Cygnus Bug Bounty Program is your opportunity to contribute to the security and resilience of one of the most innovative ecosystems in Web 3.0. By identifying and responsibly disclosing vulnerabilities, you can earn rewards of up to $2,000,000 USD while playing a pivotal role in safeguarding user trust and ecosystem integrity.Our program emphasizes the proactive prevention of critical security issues, such as:
Loss of User Funds: Protect the assets of Cygnus users from potential exploits or vulnerabilities.
Denial of Service (DoS): Mitigate risks that could disrupt protocol functionality or accessibility.
Governance Hijacks: Prevent unauthorized control or manipulation of governance mechanisms.
Data Breaches and Leaks: Secure sensitive information and prevent unauthorized data access or exposure.
Cygnus recognizes the vital contributions of ethical hackers and security researchers in maintaining the robustness of our protocol. This program isn’t just about discovering bugs—it’s about fostering collaboration with the brightest minds in cybersecurity to build a safer, more resilient ecosystem for everyone.Whether you’re an independent security expert, part of a professional team, or a passionate contributor, we welcome your expertise and encourage you to participate in making Cygnus stronger. Together, we can ensure a secure, transparent, and innovative future for Web 3.0.
Rewards by Threat Level
Rewards are distributed according to the impact of the vulnerability based on the . This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains, encompassing everything from consequence of exploitation to privilege required to likelihood of a successful exploit.All web and app bugs must come with a PoC in order to be accepted. All web and app bug reports without a PoC will be rejected with a request for a PoC.Smart Contracts Rewards Breakdowns
Smart Contracts Critical:
Loss of user funds:
1% of assets at risk, minimum 100,000 USD, maximum 2,000,000 USD
Loss of non-user funds (e.g. treasury):
1% of assets at risk, minimum 50,000 USD , maximum 1,000,000 USD
Smart Contracts High:
1% of assets at risk when attack persists for 1 month
minimum 20,000 USD, maximum of 400,000 USD
Smart Contracts Medium:
1% of assets at risk when attack persists for 1 month
minimum 5,000 USD, maximum 100,000 USD
Smart Contracts Low:
2,000 USD
Web/App Rewards Breakdowns
Web/App Critical:
40,000 USD
Web/App High:
7,500 USD
If attack can modify the transaction users approve so it sends funds to the wrong address: then this reward increases to a total of 40,000 USD
Web/App Medium:
3,250 USD
Web/App Low:
500 USD
Payouts are handled by the Cygnus team directly and are denominated in USD. Payouts can be done in ETH, USDT,USDC, or Cygnus, at the decision of the bug bounty hunter.
This form is designed to collect information from community contributors, especially those helping identify bugs and improve the protocol. Submissions will be used for the fair distribution of our airdrop. Cygnus is committed to decentralization and community-led growth — your effort in making Cygnus safer directly boosts your rewards!
Click to submit your contribution and join the airdrop!