Introducing the PoolTogether Bug Bounty Program

Get rewarded for disclosing unknown vulnerabilities in the PoolTogether smart contracts.

PoolTogether is a prize savings protocol that promotes financial security by making saving fun. The protocol allows users to deposit tokens for a daily chance to win ETH. Since its inception in 2019, PoolTogether has helped tens of thousands of users save their crypto and distributed more than $12M in prizes.

The recent launch of the new PoolTogether is a major leap forward. The system is now:

  • Fully autonomous. There are no admin controls; prize sizes and counts adapt automatically.

  • Automated. All external functions are incentivized so the protocol continues running perpetually.

  • Permissionless. Anyone can add new assets or yield sources to the protocol by adding new vaults.

This article outlines the Immunefi bug bounty program for PoolTogether, which is live now. Report bugs and get rewards on the Immunefi platform: https://immunefi.com/bounty/pooltogether.

Bug Bounty Program

Security is paramount to PoolTogether. That's why Generation (G9) Software Inc. partnered with Immunefi to launch an open bug bounty program. Hackers acting in good faith should be rewarded, so the program is designed to encourage the responsible disclosure of vulnerabilities and bugs.

The bug bounty program covers the PoolTogether V5 core smart contracts and is focused on preventing the theft or freezing of user funds, prizes, or yield, as well as any potential griefing attacks. Whitehats can receive up to $22,727 in rewards for responsibly reporting a bug, depending upon its severity.

Other rules and details for the bug bounty program, including assets and impacts in scope, out-of-scope activities, limitations, etc., can be found in the full Bug Bounty Program Overview on Immunefi.

Rewards

Rewards are based on the severity of the bug detected and distributed according to the impact the vulnerability could otherwise cause, based on the Impacts in Scope table below:

[Image: Impacts in Scope table]

All smart contract vulnerabilities must be proven with a Proof of Concept (PoC) to be accepted. Bug reports without a PoC will be rejected with a request to include a PoC in the next submission.

Payouts are handled directly by the G9 Software Inc. team and are denominated in USD. All payments are carried out in $USDC.

Submitting a Finding

To responsibly report a potential vulnerability, please create an account and submit the bug via the Immunefi bugs platform.

Please adhere to the full Bug Bounty Program Overview on Immunefi for all information about assets and impacts in scope and the rules that apply.

Security Audits

The bug bounty program with Immunefi is one more step to ensure a true no-loss experience for PoolTogether's users. In addition to the bug bounty program, the protocol underwent security audits with Code4rena and Macro Security. You can browse all audit reports here.

Join us by the pool
