A bug bounty program with Immunefi was launched on October 11, 2022. This bug bounty program is focused on the Beanstalk smart contracts and preventing the loss of Farmers’ assets within Beanstalk and other ecosystem smart contracts. The maximum bounty is 1,100,000 Beans.
You can find the bug bounty program and submit bug reports here:
In order to be considered for the maximum potential reward, bug reports must come with (1) a Proof of Concept (PoC), and (2) code implementing the fix.
Bug reports that do not come with a PoC and code implementing a fix may qualify for a maximum of up to 30% of the potential reward outlined below, as determined by the Beanstalk Immunefi Committee (BIC). You can read more about the BIC here:
All vulnerabilities noted in any Halborn audit reports or the Trail of Bits audit report (or otherwise known by the BIC or BCM) are not eligible for a reward.
The following are notes on each bug report that has come in through Immunefi, the BIC’s response, any supporting information from Halborn, etc. Notes are logged here once 7 days pass after the last reply in a bug report.
If you have questions about anything you see, join the Beanstalk Discord and ask in the #questions channel!