Skip to content
Suggest changes

Security

Curve Finance prioritizes the security of its protocols and user funds above all else. We maintain a bug bounty program to encourage responsible disclosure of potential vulnerabilities and actively collaborate with security researchers and whitehat hackers to ensure the safety of our ecosystem. Our security practices include regular audits, continuous monitoring, and swift response to potential threats.

Security Contact & Disclosure Reports

For security-related inquiries and vulnerability reports: security@curve.finance

Security audits and disclosure reports are available on GitHub

Bug Bounty

Scope Issues which can lead to substantial loss of money, critical bugs like a broken live-ness condition or irreversible loss of funds.

Disclosure policy Let us know as soon as possible upon discovery of a potential security issue. Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.

Exclusions Already known vulnerabilities. Vulnerabilities in front-end code not leading to smart contract vulnerabilities.

Eligibility You must be the first reporter of the vulnerability You must be able to verify a signature from same address Provide enough information about the vulnerability

Bug Bounty Payout

Likelihood ↓ / Severity → Low Moderate High
Almost Certain $10,000 $50,000 $250,000
Possible $1,000 $10,000 $50,000
Unlikely $250 $1,000 $5,000

Security Audits

DAO

DEX

Stablecoin and Lending