Castle Labs is now offering a Bug Bounty program for security researchers that discover vulnerabilities or exploits in Castle's Solana programs.
Security vulnerabilities or other high-severity vulnerabilities that are successfully reported following the terms of the Bug Bounty program can be eligible for a reward of up to $100,000, depending on severity.
Note that these are simply guidelines for the severity of the bugs. Each bug bounty submission will be evaluated on a case by case basis.
Please message @charlie_you on Telegram or send an email to [email protected] with a detailed description of the attack vector. For critical and high bugs, we require a proof of concept done on a privately deployed contract. We will reach back out in 1 business day with additional questions or next steps on the bug bounty.
- The vulnerability:
- 1.Must be first reported to Castle Labs exclusively.
- 2.Must not be publicly shared before reporting to Castle Labs.
- 3.Must not be publicly shared during Castle Labs’ investigation and fix.
- 4.Must be reproducible by Castle Labs.
- 5.Should only be publicly disclosed if agreed upon after bug resolution.
- You must be the first person to report this vulnerability.
- You must not maliciously exploit the vulnerability in any way after discovery.
- You must not be subject to United States sanctions or live in any U.S.-embargoed country.