Building on the success of our recent code competition with 602 researchers, we're thrilled to continue our collaboration with Cantina to further fortify Euler v2's contracts and launch a $1 million bug bounty programme, now live.
Over the past year, we've worked closely with numerous security teams and individual researchers whose insights have helped us refine and strengthen both Euler v2’s contract design and security. The goal of this programme is to continue working with the security community by inviting researchers to test the contracts, identify and report vulnerabilities, and further enhance the contracts' security.
Following the imminent launch of Euler v2, this will be just one of the many ongoing security measures we’ll implement, as detailed in our security framework blog.
If you would like to participate in the bounty programme, visit Cantina’s official page.
Scope
This bug bounty focuses on vaults, that is, the smart contract addresses returned by the verifiedArray() function of the following default perspectives:
- Escrowed Collateral Perspective
- Euler Ungoverned 0x Perspective
- Euler Ungoverned nzx Perspective
- Governed Perspective
The bug bounty covers the contracts in the master/main branch of the key repositories that the above vaults RELY ON:
Severity Levels & Rewards
We've structured our rewards based on the severity of the identified vulnerabilities:
- Smart Contracts:
  - High Impact: Up to $1,000,000 (minimum payout: $200,000)
  - Medium Impact: Up to $200,000 (minimum payout: $50,000)
- Web Interface:
  - Critical: $25,000
  - High: $5,000
  - Medium: $1,000
Rewards are calculated based on the economic impact of the vulnerabilities. For smart contract bugs, a minimum payout of $200,000 is guaranteed for high-severity findings.
Out of Scope
Certain areas are considered out of scope for this bug bounty:
- Issues related to previously acknowledged or fixed bugs.
- Findings based on outdated or unsupported contracts, scripts, or third-party integrations.
- Non-security-related bugs such as UI glitches or performance issues.
- Vulnerabilities affecting non-sensitive endpoints, outdated browsers, or plugins.
- Issues involving actions controlled by Euler DAO entities, which are assumed to be trusted.
- In governed vaults, configuration mistakes made by the governor are out of scope.
Website-Specific
Only the official Euler v2 protocol launch site is within scope. Non-security bugs and certain vulnerabilities, such as clickjacking or CSRF on non-sensitive forms, are excluded.
About Euler
Euler is a modular lending platform designed to enhance capital efficiency and flexibility in DeFi. With Euler, users can permissionlessly establish lending markets tailored to their unique needs and preferences. Features like multi-collateral capabilities, aggregated vaults, and oracle freedom enhance user flexibility and streamline risk management.
About Cantina
Cantina is a security marketplace incubated by Spearbit that empowers protocols to source the best network of teams, freelancers, products, and services to keep their code secure.
This content is brought to you by Euler Labs, which wants you to know a few important things.
This piece is provided by Euler Labs Ltd. for informational purposes only and should not be interpreted as investment, tax, legal, insurance, or business advice. Euler Labs Ltd. and The Euler Foundation are independent entities.
Neither Euler Labs Ltd., The Euler Foundation, nor any of their owners, members, directors, officers, employees, agents, independent contractors, or affiliates are registered as an investment advisor, broker-dealer, futures commission merchant, or commodity trading advisor or are members of any self-regulatory organization.
The information provided herein is not intended to be, and should not be construed in any manner whatsoever, as personalized advice or advice tailored to the needs of any specific person. Nothing on the Website should be construed as an offer to sell, a solicitation of an offer to buy, or a recommendation for any asset or transaction.
This post reflects the current opinions of the authors and is not made on behalf of Euler Labs, The Euler Foundation, or their affiliates and does not necessarily reflect the opinions of Euler Labs, The Euler Foundation, their affiliates, or individuals associated with Euler Labs or The Euler Foundation.
Euler Labs Ltd. and The Euler Foundation do not represent or speak for or on behalf of the users of Euler Finance. The commentary and opinions provided by Euler Labs Ltd. or The Euler Foundation are for general informational purposes only, are provided "AS IS," and without any warranty of any kind. To the best of our knowledge and belief, all information contained herein is accurate and reliable and has been obtained from public sources believed to be accurate and reliable at the time of publication.
The information provided is presented only as of the date published or indicated and may be superseded by subsequent events or for other reasons. As events and markets change continuously, previously published information and data may not be current and should not be relied upon.
The opinions reflected herein are subject to change without being updated.