Submit a Bug
05 January 2021
Live since
KYC required
Maximum bounty

Program Overview

Perpetual protocol, formerly known as Strike, was created in 2019 inspired by emerging DeFi protocols such as Synthetix and Uniswap. The team sought to combine the merits of these protocols to create a decentralized perpetual contract trading protocol on Ethereum. The protocol is capable of supporting 20x leverage, short positions, and lower slippage compared to other AMMs thanks to its virtual AMM (vAMM) design.

Unlike well known Automated Market Makers used for both token swaps and price discovery, the vAMM is solely used for price discovery to handle leverage and short positions. Similar to Uniswap, traders can trade with the vAMM without central authorities and is designed to be market neutral and fully collateralized.

PERP is the protocol’s ERC-20 native token. PERP tokens allow community members to govern the protocol and stake their tokens for a fixed amount of time to the Staking Pool. In return, holders are rewarded with the staking incentive, which includes rewards in PERP and transaction fees.

Further resources regarding Perpetual can be found on their website,

The bug bounty program is focused around its smart contracts and is mostly concerned with the loss of user funds. The program is further covered by the Armor Alliance Bug Bounty Challenge.


Verification of Perpetual's bug bounty program on Immunefi is available at

See verification

Rewards by Threat Level

Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains, encompassing everything from consequence of exploitation to privilege required to likelihood of a successful exploit.

The maximum payout for a “Critical” bounty is 10% of the total value locked in the “Clearing House” contract, currently estimated at a maximum base payout of USD 740 000, but with a minimum payout of USD 10 000. This page will update periodically to reflect changes in TVL. Click here to view the most up-to-date balance. In addition to this, for payments greater than or equal to USD 50 000, ArmorFi will match the reward 1:1 in ARMOR up to the base payout amount of USD 250 000 with up to 24 months in vesting under the Armor Alliance Bug Bounty Challenge. With the current estimated maximum base payout, the estimated total maximum payout is USD 990 000.

Base payouts are handled by the Perpetual team directly and are denominated in USD. However, payouts are done in PERP. For the ARMOR rewards from the Armor Alliance Bug Bounty Challenge, it is paid by the ArmorFi team.

Smart Contracts and Blockchain

See below for more information
USD $5,000 - USD $9,999
USD $1,000 - USD $4,999
Up to USD $999
USD $0

Assets in Scope

Prioritized Vulnerabilities

Perpetual is especially interested in receiving and rewarding vulnerabilities of the following types:

  • Theft of assets from the system
  • Assets locked permanently inside the system

Additionally, Perpetual seeks reports of the following

Immunefi Common Vulnerabilities.

The following Immunefi Commonly Excluded Vulnerabilities are excluded from the Perpetual bug bounty program.

Out of Scope & Rules