Bug Bounty
We reward security researchers who help us keep SwapCult safe. Report vulnerabilities responsibly and earn rewards based on impact.
Rewards by threat level
Smart contract & platform
Rewards are distributed according to the impact of the vulnerability. All bug reports must include a proof of concept (PoC) and a suggestion for a fix to be considered for a reward. Known issues from past audit reports are out of scope.
Program overview
SwapCult is a privacy-focused cryptocurrency exchange offering instant, non-KYC swaps. Our bug bounty program focuses on smart contracts and platform security and aims to prevent:
- Economic exploits
- Theft of governance or protocol funds
- Theft or freezing of user principal of any amount
KYC not required
No KYC information is required for payout processing. We respect researcher privacy.
Prohibited activities
Default prohibited activities:
- Any other actions prohibited by the SwapCult Bug Bounty Terms
- Public disclosure of an unpatched vulnerability in an embargoed bounty
- Automated testing that generates significant traffic
- Denial of service attacks against project assets
- Testing third-party systems (e.g. browser extensions, SSO, ad networks)
- Phishing or social engineering against our team or users
- Testing pricing oracles or third-party smart contracts
- Testing on mainnet or public testnet; use local forks only
