Curve launched a new bug bounty program in January 2021. We’ve increased our bug bounty awards by 20%, meaning we’re now paying up to $12,000.00 for reporting a critical vulnerability in our systems.
How does it work and what’s in it for me?
If you want to report a bug or vulnerability in Curve, all you need to do is:
- Create an account on HackerOne website.
- Start hacking! Or report the bug.
- Submit any vulnerabilities and bug reports on our Curve bounty program webpage. Important! Make sure you read the scope of our program to report the relevant issues you discover. We don't accept bugs or vulnerabilities sent to us outside of the HackerOne program.
Depending on the vulnerability you discover, you might earn between $150 and $12,000.00. Plus, you may also get a free subscription to Curve Metal or early access to upcoming features.
Our security team gives out rewards judging the reports at their discretion but within industry best practices, so factors like well-written reports matter!
What kind of bugs will be accepted?
You can find the full scope of accepted issues on our HackerOne webpage. There, you’ll also find more details on the bug bounty program, such as full program rules or out of scope vulnerabilities.