18 June 2021
Program Overview

Gnosis builds new market mechanisms for decentralized finance. Our interoperable product lines allow you to securely create, trade, and hold digital assets on Ethereum:

Gnosis Safe, the most trusted platform for managing digital assets on Ethereum, provides critical infrastructure for DAOs and DeFi while setting the standard for user-controlled fund storage. We’re trusted by users like Vitalik Buterin, and key projects like Gitcoin, to secure >$21 billion in ERC-20s and NFTs.

Gnosis Protocol (GPv2) leverages batch auctions to provide MEV protection, plus integration with liquidity sources across DEXs to offer traders the best prices. CowSwap is a proof-of-concept dapp (decentralized application) built on Gnosis Protocol V2 (GPv2).

The bug bounty programs focus on the smart contracts of these products and are primarily concerned with the loss of user funds.

Rewards by Threat Level

Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains, encompassing subjects from consequence of exploitation, to privilege requirements, to likelihood of a successful exploit.

The rewards shown here are reflective of the maximum amount of rewards for all the Gnosis bug bounty programs on Immunefi.

The Gnosis core development team, employees, and all other people paid by Gnosis, directly or indirectly (including the external auditors), are not eligible for rewards for any Gnosis bug bounty program.

In order to be eligible for a reward, bug reports must include an explanation of how the bug can be reproduced, a failing test case, and a valid scenario in which the bug can be exploited. If a fix that makes the test case pass is provided, an additional USD 4 000 is provided for critical vulnerabilities, which is reflected in the maximum amount quoted here.

In addition to the Immunefi Severity Classification System, additional information is provided for each severity level in each respective Gnosis bug bounty program. In case of discrepancies between this information and the Immunefi Severity Classification System, this information will prevail.

Payouts are handled by the respective representing group or organization of Gnosis directly and are denominated in USD. However, payouts are done in ETH, DAI, or GNO, depending on the Gnosis bug bounty program.

Bug Bounty Programs

Gnosis Safe: https://immunefi.com/bounty/gnosissafe/
Gnosis Protocol V2: https://immunefi.com/bounty/gnosisprotocolv2/

Smart Contracts and Blockchain

Up to USD $54,000
Up to USD $10,000
Up to USD $2,000

Prioritized Vulnerabilities

Provided within each Gnosis bug bounty program.

Out of Scope & Rules

Provided within each Gnosis bug bounty program.