We’ve re-launched our bug bounty programme!

We’ve re-launched our bug bounty programme!

What is a bug bounty programme?

A bug bounty programme is an initiative that rewards you for discovering and reporting bugs or vulnerabilities. At Curve, we want to provide you with the best security possible and need your help to make sure that we’re doing just that.

With a bug bounty programme, you have the opportunity to report any bugs or vulnerabilities you discover in exchange for recognition and compensation. These could be found on the Curve app or on the Curve website.

A bug is a vulnerability in the software that allows something to behave unexpectedly. A vulnerability is a weakness that allows a malicious hacker to exploit a system. Make sure you read the scope of our programme to report the relevant issues you discover. You can find the full scope of accepted issues on our HackerOne webpage.

How does it work?

Follow the steps below if you’d like to take part:

  1. Take a look at this guide to bug bounty programs if you’re a beginner.
  2. Create an account on HackerOne’s website.
  3. Start hacking! :female_detective:
  4. Submit any vulnerabilities or bug reports on our Curve bounty program webpage.

What else should I know?

You’ll be rewarded! Depending on the type of vulnerability you discover, you might earn between $150 and $12,000.00. Plus, you may also get a free subscription to Curve Metal or early access to upcoming features. All reports will be judged on a case by case basis by Curve and the decision will be at the sole discretion of the Curve team. Any decision made by Curve on the level of reward offered will be final.

We also don’t accept bugs or vulnerabilities sent to us outside of the HackerOne programme so make sure that you report them correctly.


Damn, I just reported a free spending bug a couple of days ago… Maybe that would have been worth a few dollars :flushed: