Security

Bug Bounty

Balancer's bug bounty program is among the largest in DeFiopen in new window with a maximum payout of 1,000 ETH for properly disclosed critical vulnerabilities. For more information of Balancer's Bug Bounty program, please visit our Immunefi pageopen in new window.

Note

Bounties only apply to protcol smart contracts. Bug reports pertaining to Balancer's web interfaces, both in terms of UI/UX or servers/infrastructure, are not eligible.

For security reports outside of the scope of the bug bounty program, please reach out via security@balancer.finance

Audits

Balancer has completed full audits with Certora, OpenZeppelin, Trail of Bits, and ABKD.

ScopeCompanyReport
Vault, Weighted Pool, Stable PoolOpenZeppelin2021-03-15open in new window
Vault, Weighted Pool, Stable PoolTrail of Bits2021-04-02open in new window
VaultCertora2021-04-22open in new window
MultiRewards, Stable PoolOpenZeppelin2021-10-09open in new window
Linear Pool, Stable Phantom PoolTrail of Bits2021-10-08open in new window
Timelock AuthorizerABDK2022-05-27open in new window
Batch RelayerTrail of Bits2022-05-27open in new window
Composable Stable PoolCertora2022-09-23open in new window
Composable Stable PoolTrail of Bits2022-09-02open in new window
Managed PoolTrail Of Bits2022-10-25open in new window

Audit reports can also be found in the Balancer V2 Core repositoryopen in new window.

Balancer x Certora Accelerator

On the 10th of October 2022open in new window, Balancer launched the Balancer Certora Security Accelerator in partnership with Certoraopen in new window. The Security Accelerator helps projects building on Balancer increase their code security.

The Accelerator provides code reviews and grants access to Certora’s formal verification Prover. This alignment strengthens the soundness of the code base and streamlines the go-to-market process for projects building on Balancer.

The Balancer x Certora Security Accelerator offers the following benefits:

  • Two weeks of manual code review by Certora engineers familiar with Balancer’s codebase
  • Set up and introduction of Certora’s formal verification Prover
  • $10.000 USD worth of credits for Certora’s formal verification Prover
  • Integration assistance by Balancer on code functionality and business logic