Gnosis bug bounties are now live on Immunefi, a platform where security researchers and bounty hunters get paid to review code, disclose vulnerabilities, and ensure contracts are safe and secure.
Check out the page for Gnosis bounties here:
Gnosis public repositories are on Github:
Immunefi currently hosts bounties for two of our interoperable product lines:
Gnosis Safe, the most trusted platform for managing digital assets on Ethereum, provides critical infrastructure for DAOs and DeFi while setting the standard for user-controlled fund storage. We’re trusted by users like Vitalik Buterin, and key projects like Gitcoin, to secure >$21Billion in ERC-20s and NFTs.
• Gnosis Safe Immunefi bounty:
• Reward payouts:
- Critical: USD $50,000 - USD $54,000
- High: USD $10,000
- Medium: $2,000
Payouts for GPv2 bounties will be made in GNO, ETH or DAI.
Gnosis Protocol (GPv2) leverages batch auctions to provide MEV protection, plus integration with liquidity sources across DEXs to offer traders the best prices. CowSwap, is a proof-of-concept dapp (decentralized application) built on Gnosis Protocol V2 (GPv2).
• Gnosis Protocol v2 Immunefi bounty:
• Reward payouts:
- Critical: up to USD $54,000
- High: up to USD $10,000
- Medium: up to USD $1,000
Payouts for GPv2 bounties will be made in ETH.
The Gnosis core development team, employees, and all other people paid by Gnosis, directly or indirectly (including the external auditors), are not eligible for rewards for any Gnosis bug bounty program.
In order to be eligible for a reward, bug reports must include an explanation of how the bug can be reproduced, a failing test case, a valid scenario in which the bug can be exploited.
If a fix that makes the test case pass is provided, an additional USD 4 000 is provided for critical vulnerabilities, which is reflected in the maximum amount quoted here.
In addition to the Immunefi Severity Classification System, additional information is provided for each severity level in each respective Gnosis bug bounty program. In case of discrepancies between this information and the Immunefi Severity Classification System, this information will prevail.
Please feel free to comment here, or contact us in the Gnosis Discord at chat.gnosis.io, with any questions!