Submit a Bug
05 January 2021
Live since
KYC required
Maximum bounty

Program Overview

Perpetual protocol, formerly known as Strike, was created in 2019 inspired by emerging DeFi protocols such as Synthetix and Uniswap. The team sought to combine the merits of these protocols to create a decentralized perpetual contract trading protocol on Ethereum. The protocol is capable of supporting 20x leverage, short positions, and lower slippage compared to other AMMs thanks to its virtual AMM (vAMM) design.

Unlike well known Automated Market Makers used for both token swaps and price discovery, the vAMM is solely used for price discovery to handle leverage and short positions. Similar to Uniswap, traders can trade with the vAMM without central authorities and is designed to be market neutral and fully collateralized.

PERP is the protocol’s ERC-20 native token. PERP tokens allow community members to govern the protocol and stake their tokens for a fixed amount of time to the Staking Pool. In return, holders are rewarded with the staking incentive, which includes rewards in PERP and transaction fees.

Further resources regarding Perpetual can be found on their website,

Rewards by Threat Level

Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains, encompassing everything from consequence of exploitation to privilege required to likelihood of a successful exploit.

The maximum payout for a “Critical” bounty is 10% of the total value locked in the “Clearing House” contract, currently estimated at a maximum base payout of USD 820 000, but with a minimum payout of USD 10 000. This page will update periodically to reflect changes in TVL. Click here to view the most up-to-date balance. For calculation purposes the TVL used will be the balance found in the “Clearing House” as at the date of submission.

Base payouts are handled by the Perpetual team directly and are denominated in USD. All amounts are calculated using a 7 day TWAP price which ends on the day of submission (i.e. 7 day prices are from date of submission - 7 days until date of submission). However, payouts are done in PERP.

Smart Contract

See above for more information
USD $5,000 - USD $9,999
USD $1,000 - USD $4,999
Up to USD $999
USD $0

Assets in scope

Prioritized Vulnerabilities

Perpetual is especially interested in receiving and rewarding vulnerabilities of the following types:

  • Theft of assets from the system
  • Assets locked permanently inside the system

Additionally, Perpetual seeks reports of the following Immunefi Common Vulnerabilities.

The following Immunefi Commonly Excluded Vulnerabilities are excluded from the Perpetual bug bounty program.

Out of Scope & Rules