Skip to content

Security

Curve Finance prioritizes the security of its protocols and user funds above all else. We maintain a bug bounty program to encourage responsible disclosure of potential vulnerabilities and actively collaborate with security researchers and whitehat hackers to ensure the safety of our ecosystem. Our security practices include regular audits, continuous monitoring, and swift response to potential threats.

Security Contact & Disclosure Reports

For security-related inquiries and vulnerability reports: security@curve.fi

Security audits and disclosure reports are available on GitHub


Bug Bounty

Scope
Issues which can lead to substantial loss of money, critical bugs like a broken live-ness condition or irreversible loss of funds.

Disclosure policy
Let us know as soon as possible upon discovery of a potential security issue. Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.

Exclusions
Already known vulnerabilities. Vulnerabilities in front-end code not leading to smart contract vulnerabilities.

Eligibility
You must be the first reporter of the vulnerability You must be able to verify a signature from same address Provide enough information about the vulnerability

Bug Bounty Payout

Likelihood ↓ / Severity → Low Moderate High
Almost Certain $10,000 $50,000 $250,000
Possible $1,000 $10,000 $50,000
Unlikely $250 $1,000 $5,000

Security Audits

DAO


DEX


Stablecoin and Lending