Immunefi Bug Bounty Program

Beanstalk Farms is excited to announce that the bug bounty program with Immunefi approved in BIP-26 is now live, with rewards up to 1.1M Beans per bug report!

You can find the bug bounty program and submit bug reports here.

In BIP-26, the Beanstalk DAO created a bug bounty program through Immunefi to incentivize whitehat hackers to find bugs in Beanstalk.

In order to be considered for the maximum potential reward, bug reports must come with (1) a Proof of Concept (PoC), and (2) code implementing the fix. Bug reports that do not come with a PoC and code implementing a fix may qualify for a maximum of up to 30% of the potential reward outlined below, as determined by the Beanstalk Immunefi Committee (BIC). You can read more about the BIC here:

• BIC Process
• BIC Dashboard

All vulnerabilities noted in any Halborn audit reports or the Trail of Bits audit report (or otherwise known by the BIC or BCM) are not eligible for a reward.

Security is paramount to the success of Beanstalk. Immunefi is crypto’s leading bug bounty platform that many other well-known DeFi protocols use to facilitate their bug bounty programs. This bounty program is competitive with the largest programs currently on Immunefi, making it likely to attract whitehat hackers.

BIP-26 established a method for the reporting and fixing bugs in a way that minimizes the risk to Beanstalk between the report and the fix, as well as the fair and transparent compensation for the reporting of bugs. The program gives bounty hunters a clear process and structure in order to increase the likelihood they attempt to find issues with Beanstalk and its related contracts and code.