Active Bug Bounty Targets
Our focus: cryptographic and mathematical vulnerabilities in blockchain protocols.
Tier 1 — Maximum Bounty Programs

| Program | Max Bounty | Crypto Scope | Status | Link |
|---|---|---|---|---|
| LayerZero | $15,000,000 | Cross-chain message verification, DVN signature schemes, ULN proof verification | Researching | Immunefi |
| MakerDAO/Sky | $10,000,000 | Oracle signature verification, governance crypto | Queued | Immunefi |
| Wormhole | $5,000,000 | Guardian ECDSA multi-sig, VAA signature verification, cross-chain attestation | Queued | Immunefi |

Tier 2 — High-Value Crypto-Specific

| Program | Max Bounty | Crypto Scope | Status | Link |
|---|---|---|---|---|
| Ethereum Foundation | $1,000,000 | Consensus BLS signatures, secp256r1 precompile (Fusaka), RANDAO | Priority | ethereum.org |
| ZKsync Lite | $2,300,000 | ZK circuit soundness, PLONK verifier, field arithmetic | Queued | Immunefi |
| Scroll | $1,000,000 | zkEVM circuit constraints, proof generation | Queued | Immunefi |
| SSV Network | $1,000,000 | Distributed validator technology, threshold signatures | Queued | Immunefi |

Tier 3 — Specialized Targets

| Program | Max Bounty | Crypto Scope | Link |
|---|---|---|---|
| Polygon zkEVM | $500,000 | ZK proof soundness | Immunefi |
| zkVerify | $50,000 | Proof verification layer | Immunefi |
| Light Protocol | $50,000 | ZK compression on Solana | Immunefi |

For each target we:
1. Study the cryptographic primitives used (ECDSA, BLS, ZK circuits)
2. Review the implementation for deviations from specification
3. Test edge cases using GPU-accelerated tools at scale
4. Verify mathematically before reporting
5. Report privately through the program's official channel

- Nonce bias in ECDSA signature generation
- Weak entropy in key derivation
- Missing point validation in EC operations
- Signature malleability in verification
- Arithmetic errors in finite field operations
- Soundness breaks in ZK proof systems
- Cross-chain replay vulnerabilities in signature schemes

| Date | Protocol | Severity | Status | Bounty | Report |
|---|---|---|---|---|---|
| — | — | — | — | — | — |

Findings published here only after responsible disclosure period.