Bug Bounty


The primary focus at Scallop is to provide a DeFi protocol that upholds the highest security standards. We are launching a bug bounty program, inviting the community to help identify potential vulnerabilities in our system. The emphasis is on smart contract security to protect user funds and maintain the platform's solvency. UI-related bugs are excluded. Submit any discovered bugs to bug@scallop.io for the opportunity to earn rewards up to $300,000.

Requirements To participate in the bug bounty program, please adhere to the following guidelines:

  1. Report any discovered bugs or vulnerabilities exclusively to the Scallop Project Contributors at bug@scallop.io.

  2. Ensure that the reported bug or vulnerability is previously undisclosed, falls within the scope of this program, and is not part of any publicly available audits.

  3. If multiple reports of the same vulnerability are received, only the first submission will be considered for a reward.

  4. Do not exploit the bug or vulnerability in any manner, including public disclosure or personal profit (aside from this program's rewards).

  5. All rewards will be paid in SUI/USDC/SCA and sent to the wallet address provided by the reporter. Rewards cannot be converted to other cryptocurrencies or fiat.


The Scallop Project Contributors will evaluate each submission individually, and rewards will be determined based on the severity of the issue:

  • Critical: Up to $300,000

  • High: Up to $30,000

  • Medium: Up to $3,000

  • Low: Up to $300

Recommended Report Format Please include the following information when submitting a bug report:

  • Name:

  • Telegram ID:

  • Sui Wallet Address:

  • Description:

  • Vulnerability Type:

  • Affected Components:

  • Additional Information:

  • (Include any relevant screenshots or supporting documents)

Last updated