Security Policy

Bug Bounty

Castle Labs is now offering a Bug Bounty program for security researchers who discover vulnerabilities or exploits in Castle's Solana programs.

Security vulnerabilities and other high-severity issues that are successfully reported under the terms of the Bug Bounty program can be eligible for a reward of up to $100,000, depending on severity.

Rewards

The severity guidelines are based on Immunefi's classification system.

Note that these are only guidelines for the severity of bugs. Each bug bounty submission will be evaluated on a case-by-case basis.

Submission

Please message @charlie_you on Telegram or send an email to [email protected] with a detailed description of the attack vector. For critical- and high-severity bugs, we require a proof of concept performed on a privately deployed contract. We will reach back out within 1 business day with additional questions or next steps for the bug bounty.

Scope

The Castle Vault Solana program: https://github.com/castle-finance/castle-vault/tree/dev/programs/castle-vault

Terms

  • The vulnerability:

    1. Must be first reported to Castle Labs exclusively.

    2. Must not be publicly shared before reporting to Castle Labs.

    3. Must not be publicly shared during Castle Labs’ investigation and fix.

    4. Must be reproducible by Castle Labs.

    5. Should only be publicly disclosed if agreed upon after bug resolution.

  • You must be the first person to report this vulnerability.

  • You must not maliciously exploit the vulnerability in any way after discovery.

  • You must not be subject to United States sanctions or live in any U.S.-embargoed country.

Last updated