Wormhole launches Bug Bounty Program on Immunefi with $10 million reward for critical bugs

What is covered?

The bug bounty program covers smart contracts, web UI, guardian nodes, and Wormhole integrations. Its focus is on preventing:

  • Exploits resulting in the locking, loss, or theft of user funds.
  • General forging of unverified data or validation of forged messages.
  • Determinism bugs that could lead to inconsistent bridge states.
  • Governance manipulation.
  • Exposure of infrastructure private keys and/or PII.
  • Vulnerabilities in the node operating software resulting in invalid behavior.
  • Remote code execution.
  • Bugs that can facilitate Sybil attacks.


Rewards are distributed according to the impact of the vulnerability and are based on the Immunefi Vulnerability Severity Classification System. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains. It encompasses everything from consequence of exploitation to privilege required, as well as likelihood of a successful exploit.

Smart Contracts and Blockchain

  • Critical Up to $10,000,000
  • High $100,000
  • Medium $10,000
  • Low $2,500

Websites and Applications

  • Critical $50,000
  • High $10,000
  • Medium $5,000
  • Low $1,000

About Immunefi

Immunefi is the premier bug bounty platform for smart contracts and DeFi projects. It’s where security researchers review code, disclose vulnerabilities, and make crypto safer for all participants.

About Wormhole

Wormhole is a generic message passing protocol that connects high value blockchains together. Its applications leverage the core messaging layer to facilitate interoperability between ecosystems. Secured by 19 guardians, developers leverage the protocol to send arbitrary data cross-chain including tokens, NFTs, oracle data, governance decisions, and more. Recent implementations of Wormhole include the Portal bridge and NFT bridge, which allow for seamless asset transfers across supported chains. Wormhole is currently connected to Solana, Terra, Ethereum, Binance Smart Chain, Polygon, Avalanche, and Oasis. Its design — which is easily extensible and upgradable — allows for quick consensus, connects more chains, and enables developers to build on top of Wormhole easily.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store

Cross-chain interoperability protocol connecting high value blockchains