This program requires a submission fee for all bug reports. Security researchers must pay a non-refundable fee at the time of report submission. This fee is collected by Immunefi and is not paid to the project. The fee applies to all severity levels and is required before the report can be reviewed.
Lombard is an onchain Bitcoin company, issuing institutional-grade Bitcoin assets, onchain financial solutions and core infrastructure. Founded in 2024, the company's products—including LBTC, the leading yield-bearing Bitcoin, BTC.b, the Lombard SDK, and Bitcoin Smart Accounts—enable Bitcoin to become productive capital across decentralized finance.
Triaged by Immunefi
PoC Required
Vault program
KYC required
Arbitration enabled
Codebase
Documentation
The scope references GitHub URLs to specific contract source files. The same contracts are deployed across multiple chains — deployed addresses can be found in our public mainnet.json files.
EVM chains: Ethereum, BNB Chain, Base, Berachain, Sonic, Morph, Etherlink, Ink, Katana, TAC, Scroll, BOB, Avalanche, Monad, Stable, MegaETH — https://github.com/lombard-finance/evm-smart-contracts/blob/main/mainnet.json
Sui — https://github.com/lombard-finance/sui-move-contracts/blob/main/mainnet.json
Starknet — https://github.com/lombard-finance/starknet-cairo-contracts/blob/main/mainnet.json
Note: not all contracts listed in mainnet.json are in scope — only those explicitly included in the scope section above.