Lombard is on a mission to unlock Bitcoin's potential as a dynamic financial tool by connecting it to DeFi with LBTC. LBTC is a secure Bitcoin LST, developed by Lombard on top of Babylon. It's a yield-bearing, natively cross-chain, liquid Bitcoin backed 1:1 by BTC. With LBTC, Bitcoin can be held as a store of value and simultaneously used to lend, borrow, stake, trade, and transfer in DeFi across multiple blockchain ecosystems.
Live
Triaged by Immunefi
PoC required
KYC required
This Audit Competition Is Live!
$20,000 - $100,000 USD in rewards available for finding bugs in the Lombard codebase of about 6000 nSLOC. KYC is required.
Technical questions and support requests can be directed to Lombard or Immunefi in the Lombard Audit Competition Discord channel.
When the Audit Competition has ended, Immunefi will publish an event-specific leaderboard and bug reports from the event.
Rewards
Rewards by Threat Level
Lombard provides rewards in USDC on Ethereum, denominated in USD. The following reward terms are a summary. For the full details, read our Lombard Audit Competition Reward Terms.
Rewards are distributed all at once after the competition has ended. No rewards are distributed during the competition.
The reward pool size is determined by the greatest condition met. If multiple conditions are met, only the largest reward pool applies.
- If one or more Critical severity bugs are found, the reward pool will be $100,000 USD
- If one or more High severity bugs are found, the reward pool will be $75,000 USD
- If one or more Medium severity bugs are found, the reward pool will be $35,000 USD
- If one or more Low severity bugs or only Insights [no valid bugs] are found, the reward pool will be $20,000 USD
Duplicates and private known issues are valid for a reward.
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.3.
Insight Rewards Payment Terms
Insight Rewards: Portion of the Rewards Pool
*The "Insight" severity was introduced on Boost (Audit Competitions) & Attackathon programs to recognize contributions that extend beyond identifying immediate vulnerabilities. Currently, it's not an option to select the Insight severity when submitting a report. However, our team or program will designate it accordingly if applicable. "Insights" underscores our commitment to valuing all types of contributions that lead to a more secure environment, and they will always be rewarded.
Duplicates of Insight reports are not eligible for a reward.
Program Overview
Founded in April 2024, Lombard is dedicated to unlocking Bitcoin's potential as a dynamic financial tool by connecting it to DeFi. Lombard is building the universal standard for Bitcoin. Secured by Bitcoin-aligned ecosystem players, Lombard enables the yield-bearing BTC to move cross-chain without fragmenting liquidity, paving the way to become the single largest catalyst for onboarding net new capital into DeFi.
Bitcoin represents over 50% of the cryptocurrency market. But its interoperability with DeFi has been limited to date.
Our flagship product, LBTC, a yield-bearing, cross-chain, liquid Bitcoin backed 1:1 by BTC, changes this and brings DeFi interoperability to 'digital gold'. For the first time, Bitcoin can be held as a store of value and simultaneously used to earn, stake, trade, and transfer in DeFi at scale.
LBTC opens up new opportunities for Bitcoin holders to earn, stake, and trade on-chain, all while retaining Bitcoin as a store of value. For DeFi protocols, LBTC provides increased liquidity and user activity by unlocking $1.4 trillion in new capital.
Lombard is currently live on Ethereum mainnet in Public Beta, where eligible participants are staking native BTC and minting LBTC.
For more information about Lombard, please visit https://www.lombard.finance/
This Audit Competition is running on mainnet. The following conditions apply:
- The Lombard team will freeze the codebase for the duration of the Audit Competition
- Duplicates are rewarded
KYC Requirement
Lombard will be requesting KYC information in order to pay for successful bug submissions. The following information will be required:
- Full name
- Date of birth
- Proof of address (either a redacted bank statement with address or a recent utility bill)
- Copy of Passport or other Government issued ID
The submission of KYC information is a requirement for payout processing.
Proof of Concept
Proof of concept is always required for all severities.
Feasibility Limitations
The project may be receiving reports that are valid (the bug and attack vector are real) and cite assets and impacts that are in scope, but there may be obstacles or barriers to executing the attack in the real world. In other words, there is a question about how feasible the attack really is. Conversely, there may also be mitigation measures that projects can take to prevent the impact of the bug, which are not feasible or would require unconventional action and hence, should not be used as reasons for downgrading a bug's severity.
Therefore, Immunefi has developed a set of feasibility limitation standards which by default state what security researchers, as well as projects, can or cannot cite when reviewing a bug report.