CoW Protocol-logo

CoW Protocol

The CoW team, for and on behalf of and at the expense of CoW DAO, is running a bug bounty program focused on CoW Protocol, a fully permissionless protocol that leverages batch auctions to provide MEV protection, plus integrates with on-chain liquidity sources to offer traders the best prices.

ETH
Gnosis
Defi
AMM
DEX
Solidity
Maximum Bounty
$1,000,000
Live Since
15 June 2021
Last Updated
20 December 2024
  • PoC required

We only accept reports for issues that can be reproduced in the smart contracts deployed at the following addresses: 0x9008d19f58aabd9ed0d60971565aa8510560ab41

This corresponds to commit 6ebbd810ff2da635fb6f88e9a15fde196f8c852a in the official repository.

For the Initializable, ReentrancyGuard, SafeCast, SafeMath, IERC20, and IVault smart contracts, this bug bounty program only accepts bug reports for the changes that were performed compared to the original, as well as any improper use of them that leads to actual issues in the contracts previously mentioned to be in scope. Any bug that is reproducible in the original vendored contract is out of scope.

Any vulnerabilities mentioned in this audit report are considered as out-of-scope.