
Pinto

Pinto is low volatility money built on Base.

Bounties are paid in Pinto, on Base, denominated in USD, via the Pinto Contract Multisig (PCM). For more details about the payment process, please view the Rewards by Threat Level section further below.

Tags: Base, DeFi, Stablecoin, Solidity, JavaScript, Python

Maximum Bounty: $500,000
Live Since: 04 December 2024
Last Updated: 04 December 2024
  • Triaged by Immunefi

  • PoC required

Rewards

Rewards by Threat Level

Smart Contract

Critical: Max $500,000, Min $100,000 (Primacy of Rules)
High: Max $100,000, Min $10,000 (Primacy of Rules)
Medium: Max $10,000, Min $1,000 (Primacy of Rules)
Critical Reward Calculation

Mainnet assets:

Reward amount is 10% of the funds directly affected up to a maximum of:

$500,000

Minimum reward to discourage security researchers from withholding a bug report:

$100,000

Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.3. The following is a simplified 3-level scale, focusing on the impact of the vulnerability reported. The complete scope can be found below.

In order to be considered for the maximum potential reward, bug reports must come with a Proof of Concept (PoC). Explanations and statements are not accepted in lieu of a PoC. Bug reports that do not come with a PoC may qualify for a maximum of up to 30% of the potential reward outlined below, as determined by the PCM or the committee it selects to operate the bug bounty program.

Funds at Risk for a given bug report are defined as follows:

  • Funds at Risk are determined based on the token amounts and USD values at time of the bug report submission;
  • For Pinto, Funds at Risk are determined based on the liquidatable USD value of the Pinto at risk;
  • For non-Pinto (ETH, WETH, WSOL, cbBTC, cbETH, USDC, etc.) in any in-scope assets, the Funds at Risk are determined based on their respective USD values;
  • For non-Pinto in Wallet Balances (i.e., outside of any in-scope assets), the Funds at Risk are determined to be 50% of their respective USD values; and
  • If the smart contract where the vulnerability exists can be upgraded or paused, only the Funds at Risk in initial attacks that can be executed within the first hour will be considered for a reward.

Reward Calculation for Critical Smart Contract Reports

Rewards for Critical smart contract vulnerabilities are capped at the lower of (a) 10% of practicable economic damage, or (b) USD 500 000, primarily taking into consideration the Funds at Risk. However, there is a minimum reward of USD 100 000 for Critical severity smart contract bug reports.

Reward Calculation for High Smart Contract Reports

Rewards for High smart contract vulnerabilities are capped at the lower of (a) 10% of practicable economic damage, or (b) USD 100 000, primarily taking into consideration the Funds at Risk. However, there is a minimum reward of USD 10 000 for High severity smart contract bug reports.

Reward Calculation for Medium Smart Contract Reports

Rewards for Medium severity smart contract vulnerabilities are scaled based on a set of internal criteria established by the PCM. However, there is a minimum reward of USD 1 000 for Medium smart contract bug reports. The PCM will primarily take into account:

  • The exploitability of the bug;
  • The impact it causes; and
  • The likelihood of the vulnerability presenting itself.

Reward Payment Terms

Payouts are handled by the Pinto Contract Multisig directly (or via a committee it selects) and are made in PINTO at the rate of 1 PINTO to 1 USD (i.e., the amounts listed above are actually in PINTO), independent of liquidity (see PINTO liquidity here; as of writing, Pinto has over $25M of liquidity on the Pinto Exchange). Note that rewards can take some time to be paid out after a report is confirmed to be valid.

PCM Determination

The PCM shall determine whether a submitting party is entitled to a bug bounty/reward, and if so, the amount of such bounty/reward (and specifically, whether such submission qualifies for a Critical, High or Medium Impact bounty/reward, what the potential practicable economic damage of such bug is based on the Funds at Risk, and what the appropriate bounty/reward should be within each Impact range). The PCM’s determination of (i) whether such submission qualifies for a Critical, High or Medium Impact bounty/reward, (ii) what the potential practicable economic damage of such bug is based on the Funds at Risk, and (iii) whether such submission came with a PoC, thereby enabling it to be considered for the maximum potential applicable reward (vs. a submission that did not come with a PoC, thereby limiting such submission to a maximum of up to 30% of the applicable reward), shall be made in the PCM’s sole and absolute discretion and shall be final, and not be subject to any appeal or challenge.

A submitting party may only dispute the PCM’s determination (a) that a submitting party is not entitled to any bug bounty/reward, or (b) what the appropriate bounty/reward should be within each Impact range. In such disputes, Immunefi will conduct a binding mediation. If the submitting party disputes the PCM’s decision that a submitting party is not entitled to any bug bounty/reward, Immunefi will mediate, and shall determine, in its sole and absolute discretion, which is non-appealable, whether the submitting party is entitled to any bug bounty/reward, and if so, the amount of such bug bounty/reward, up to USD 10 000 in the case of a smart contract bug report (i.e., as if it were a Medium Impact fix). If the submitting party disputes the PCM’s determination of what the appropriate bounty/reward should be within a specific Impact range, Immunefi will mediate, and shall determine, in its sole and absolute discretion, which is non-appealable, the amount of such bug bounty/reward in the relevant Impact category; however, Immunefi may not modify or change (i) the practicable economic damage determination made by the PCM, or (ii) the PCM determination of whether such submission came with a PoC, thereby enabling it to be considered for the maximum potential applicable reward (vs. a submission that did not come with a PoC, thereby limiting such submission to a maximum of up to 30% of the applicable reward).

Program Overview

Pinto is low volatility money built on Base. This bug bounty program is focused on securing both Pinto and the Pinto Exchange. For more information about Pinto, see https://docs.pinto.money.

Bounties are paid in Pinto, on Base, denominated in USD, via the Pinto Contract Multisig (PCM). For more details about the payment process, please view the Rewards by Threat Level section.

Eligibility Criteria

Security researchers who wish to participate must adhere to the rules of engagement set forth in this program and cannot be:

  • A contributor to the project; or
  • A private auditor that has been paid by Pinto or a related party to review the code that is reported to be vulnerable.

Responsible Publication

  • The Pinto bug bounty program adheres to Category 1 - Transparent. This Policy determines that researchers can make public any information from their submitted bug reports. For more information about the category selected, please refer to our Responsible Publication page.

Primacy of Impact vs Primacy of Rules

The Pinto bug bounty program adheres to the Primacy of Rules, which means that the bug bounty program is run strictly under the terms stated on this page.

Previous Audits

Audit reports of the various in-scope assets can be found here. Any unfixed vulnerabilities mentioned in these reports (or otherwise known by the PCM) are not eligible for a reward.

Feasibility Limitations

The program may receive reports that are valid (the vulnerability is legitimate) and cite assets and impacts that are in scope, but there may be obstacles or barriers to executing any sort of attack in the real world. Conversely, there may also be mitigation measures that could be taken to prevent the impact of the bug but which are not feasible or would require unconventional action, and hence should not be used as reasons for downgrading a bug's severity.

Therefore, Immunefi has developed a set of feasibility limitation standards which, by default, state what security researchers, as well as projects, can or cannot cite when reviewing a bug report.

Immunefi Standard Badge

By adhering to Immunefi’s best practice recommendations, the Pinto bug bounty program has satisfied the requirements for the Immunefi Standard Badge.

KYC not required

No KYC information is required for payout processing.

Proof of Concept

Proof of concept is always required for all severities.

Severity (Min. - Max.)

Critical: $100k - $500k
High: $10k - $100k
Medium: $1k - $10k
Total Assets in Scope: 14