Crowdsourcing from a list of the world's top ethical hackers to provide you continuous assessment, for uncovering vulnerabilities before anyone else does.
Combining years of Web3 security experience with a well-established technical community, CertiK’s Bug Bounty is the only Web3 platform providing fully managed end-to-end support with 0% fee on bounty payouts.
CertiK’s expert security engineers will screen and qualify submissions and work with your team to implement the right fixes.
Tap into our large technical community from the Security Leaderboard to attract leading ethical hackers to your project.
Our 0% fee model reduces the payout pressure for projects and allows for white hat hackers receive the full bounty.
Setting up a bug bounty with CertiK allows projects to utilize the intelligence of ethical hackers to further derisk their code from additional vulnerabilities.
White hat ethical hackers who have intuitive knowledge of the latest attacks can realize threats before malicious actors have the opportunity to exploit them.
Gain access to a highly-skilled community of ethical hackers that specialize in different areas of vulnerability detection.
Partner with CertiK security engineers who will rapidly review all your inbound bug submissions and help ensure the proper steps taken to fix any issues.
Bug bounty remediation of findings is integrated with Skynet and will improve the overall trust score for your project.
CertiK's bug bounty program offers a trusted platform for projects and ethical hackers to connect.
1. Get onboarded with a dedicated program manager.
2. Launch your program and activate your bounty badge on certik.com.
3. Receive submissions and pay bounties directly if qualified.
1. Add projects with active bounty badges to your watchlist.
2. Strengthen your technical due diligence capabilities.
3. Evaluate projects with additional security measures.
1. Sign up to the platform and browse bounties.
2. Review in-scope assets and submit reports.
3. Get paid directly and gain your Web3 white hat reputation.
Web3, as well as associated Web2 elements of projects are increasingly under attack by malicious actors who seek to take advantage of security vulnerabilities in project code. These adversaries are always "one-step-ahead" of whatever security controls are in place to protect these projects - constantly running reconnaissance and coming up with new attack vectors inside the project’s threat landscape.