Security
Curve Finance prioritizes the security of its protocols and user funds above all else. We maintain a bug bounty program to encourage responsible disclosure of potential vulnerabilities and actively collaborate with security researchers and whitehat hackers to ensure the safety of our ecosystem.
For security-related inquiries and vulnerability reports: [email protected]
Security audits and disclosure reports are available on GitHub
Bug Bounty
Scope — Issues which can lead to substantial loss of money, critical bugs like a broken liveness condition or irreversible loss of funds.
Disclosure Policy — Let us know as soon as possible upon discovery of a potential security issue. Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
Exclusions — Already known vulnerabilities. Vulnerabilities in front-end code not leading to smart contract vulnerabilities.
Eligibility — You must be the first reporter of the vulnerability. You must be able to verify a signature from same address. Provide enough information about the vulnerability.
| Likelihood / Severity | Low | Moderate | High |
|---|---|---|---|
| Almost Certain | $10,000 | $50,000 | $250,000 |
| Possible | $1,000 | $10,000 | $50,000 |
| Unlikely | $250 | $1,000 | $5,000 |
Security Audits
DAO
DEX
