Beanstalk

This bug bounty program is focused on securing all 3 of the following projects:

Beanstalk is a permissionless fiat stablecoin protocol;
Basin is a composable EVM-native decentralized exchange protocol; and
Pipeline is a sandbox contract that can execute an arbitrary number of actions within the EVM from an EOA in a single transaction.

ETH

Defi

Infrastructure

DAO

DEX

Stablecoin

Solidity

Typescript

Maximum Bounty

$1,100,000

Live Since

11 October 2022

Last Updated

19 March 2026

PoC Required
Vault program

Submit a Bug

Information Scope Resources

Assets Body

Additional Resources

All Beanstalk smart contracts and the Beanstalk UI can be found at https://github.com/BeanstalkFarms/Beanstalk. However, only those in the Assets in Scope section are considered as in-scope of the bug bounty program. The following links may also be helpful:

Beanstalk

Beanstalk Whitepaper
Beanstalk Docs
Beanstalk Technical Docs
Beanstalk GitHub
Beanstalk Discord
Beanstalk on Louper

Basin

Basin Whitepaper
Multi Flow Pump Whitepaper
Basin Docs
Basin GitHub
Basin Discord

Pipeline

Pipeline Whitepaper
Pipeline GitHub

Submit a Bug