Kiln launches two bug bounty programs on Immunefi with $1,000,000 in rewards available

We’re excited to announce that Kiln, a leader in secure and non-custodial staking solutions, has launched two bug bounty programs on Immunefi for their DeFi and Onchain platforms. These programs, with a combined maximum payout of $1,000,000, invite security researchers to identify vulnerabilities within the Kiln DeFi and Kiln Onchain v2 protocols, enhancing the security of their offerings.

What is Kiln DeFi?

Kiln DeFi empowers non-custodial platforms to offer DeFi rewards products such as lending digital assets like stablecoins and RWA distributors. Users can deposit any ERC20 token into vaults while retaining full control over their staked assets. The Kiln DeFi platform simplifies the process by offering a unified 4626 interface, enabling integrators and third parties to generate fees on deposits or rewards — delivered onchain.

Kiln DeFi’s primary focus is on EVM Smart Contracts, making this bug bounty program an opportunity for security researchers to dig into the mechanics of staking and reward distribution. While dApps and reporting stacks are out of scope, this bounty program is dedicated to Kiln’s Smart Contract layer, offering lucrative rewards for critical vulnerabilities.

What is Kiln Onchain v2?

Kiln Onchain v2 offers a next-level staking solution for ETH. It allows users to stake ETH on operator pools while maintaining exclusive access to their staked assets. Operators register validation keys and offer staking services, while integrators can build on top of these services. This decentralized structure, supported by Ethereum Smart Contracts, ensures secure and efficient staking.

This bug bounty program focuses on the security of the Smart Contracts that govern staking and operator interactions. dApps and validation infrastructure fall outside the scope, but vulnerabilities within the Kiln Onchain v2 protocol itself offer substantial rewards, giving security researchers the chance to secure a critical component of decentralized ETH staking.

Bug Bounty Program Overview

Both programs are live on Immunefi, offering rewards based on the severity of the findings, as categorized by the Immunefi Vulnerability Severity Classification System:

  • Critical vulnerabilities: Up to $500,000
  • High severity vulnerabilities: Up to $50,000
  • Medium severity vulnerabilities: Up to $20,000

The rewards reflect Kiln’s commitment to security, incentivizing researchers to disclose vulnerabilities that could impact user funds, staking rewards, and the overall functionality of their Smart Contracts.

Scope of the Programs

Kiln DeFi

Assets in scope include the Kiln DeFi Smart Contracts, which manage vaults, upgradeable beacons, and connectors with various DeFi platforms like Aave and Compound. Vulnerabilities that could lead to direct theft, permanent freezing of funds, or protocol insolvency are considered critical and eligible for the top rewards.

Kiln Onchain v2

The Kiln Onchain v2 program covers Smart Contracts responsible for staking, validator registration, and ETH deposits across operator pools. Researchers can target vulnerabilities that could lead to theft of user funds, freezing of staking pools, or tampering with reward distribution.

By participating in these programs, researchers not only help protect user funds but also contribute to the future of secure DeFi and staking solutions. Kiln’s ongoing commitment to transparency, security, and collaboration with the security community positions them as a trusted player in the decentralized staking landscape.

About Immunefi

Immunefi is the leading onchain crowdsourced security platform, connecting security researchers with blockchain projects to safeguard their ecosystems. With a community of over 45,000 researchers, Immunefi has prevented more than $25 billion in potential losses across Web3 and has paid out over $100 million to whitehats for their invaluable contributions.

We encourage all security researchers to join these programs and help fortify the future of decentralized finance and staking on Kiln’s platforms.

For more information, visit the Kiln DeFi Bug Bounty Program page and the Kiln Onchain v2 Bug Bounty Program page.

About Kiln

Kiln is the leading digital asset rewards management platform, enabling institutional customers to earn rewards on their digital assets, or to whitelabel earning functionality into their products. Our platform is API-first and enables fully automated validators, rewards, and data and commission management. With over $8.6 billion in crypto assets programmatically staked, Kiln has a particularly strong track record on Ethereum, where we run about 4.5% of the network; this includes 43,000+ active validators with 0 slashing events.