Bug Bounty Program


Punk contributors place great value on maintaining high standards of user security. So, we operate a bug bounty program and will continue to strengthen the safe ecosystem and security. We need detailed analysis by Punkers, security engineers, and hackers. We give up to $50,000 in rewards depending on the severity level of the vulnerability for discovering potential security attacks or errors that could harm users.


The bug bounty will be applicable for the following repositories, sources, and sites: https://github.com/PunkFinance


Rewards are paid according to five severity levels and the likelihood of occurrence. The determination of all terms and conditions relating to bounty reward is at the sole discretion of the core developer of PUNK. Please refer to the reward system below.




$20,000 - $50,000


$10,000 - $20,000


$5,000 - $10,000


$1,000 - $5,000


$0 - $1,000


Please submit your findings of the vulnerability to team@punk.finance. When writing a bug report, please be as specific and clear as possible. The report will be great to include the following.

  • Vulnerability

  • The ways to find a vulnerability

  • Code for reproducing bugs

  • A description of what the vulnerability could pose as a security threat.

  • Screenshots

  • Submitter information (name, email address, wallet address)

Ineligible Findings

  • Duplicate vulnerability (reward to the first submitter)

  • Reported by an official audit

  • Disclosing vulnerabilities to others in public places

  • Employees and businesses closely related to PUNK

Last updated