Penguin Finance
Bug Bounty Program
The Penguin Finance bug bounty program is an incentive system rewarding white-hat hackers for helping us identify bugs that would result in the loss of user funds, either by direct draining of funds or manipulation of the website's source code to force the user to sign a malicious transaction.

Smart Contracts and Blockchain*

| Level | Reward |
| --- | --- |
| Critical | 15% of VAR, up to $70,000 USD |
| High | $20,000 USD |
| Medium | $10,000 USD |
| Low | $3,000 USD |

Please note that we now run this bug bounty in partnership with Immunefi.

Website and Apps

| Level | Reward |
| --- | --- |
| Critical | $5,500 USD |
| High | $3,250 USD |
| Medium | $1,200 USD |

In Scope:

Program Exclusions:

  • XSS reports are restricted to those whose impact is prompting a user to sign a transaction or a redirect
  • Missing HTTP security headers
  • Missing cookie flags on non-sensitive cookies
  • Missing best practices in SSL/TLS configuration
  • Attacks requiring MITM or physical access to a user's device

All bug reports must include a proof of concept and remediation steps to be eligible for a reward. Please use CVSSv3 to determine the severity of the bug.

All payouts are made by the Penguin Finance team, are pegged to the USD values set here, and are payable in PEFI or DAI.

To report a bug, message @pefidev or @codypefi on Telegram.