Bug Bounty

This page has been deprecated. V1 documentation is partially maintained here


Balancer has completed smart contract audits with Trail of Bits and OpenZeppelin. We will also run a continuous bug bounty program for the bronze release of Balancer core.


The bug bounty covers any of the core smart contracts deployed on Mainnet. The code can be found at:
Additional second-layer contracts, such as the exchange proxy or individual smart pool contracts, may be added at a later date.


The bounty program will pay out rewards according to the severity of a vulnerability. The final reward amount is at the sole discretion of Balancer Labs. See the eligibility section below for more details.
$20,000 - $50,000
  • Stealing assets from a pool
  • Permanently freezing pool assets
$10,000 - $20,000
  • Severe rounding errors where an attacker can steal significant funds in excess of any gas costs or swap fees
  • Manipulating a finalized pool's assets / weights / fees
$2,000 - $5,000
  • Minor rounding errors that allow an attacker to slowly manipulate funds to their advantage
$0 - $2,000
  • Informational and code quality based disclosures

Reporting / Disclosures

Please report any findings to [email protected], with full details about any vulnerability and steps / code to reproduce. Allow us time to review and remediate any findings before public disclosure.

Ineligible Findings

  • Duplicate vulnerabilities. Only the first reporter will be rewarded.
  • Findings already known as part of a formal audit.
  • Findings related to non-standard ERC20 tokens might be ineligible, as many vulnerabilities might be deliberately inserted into non-standard ERC20 tokens in order to apply for this bug bounty.