Up to $100,000 per Bounty in Forta’s Official Bug Bounty Program

Article by Forta Network Jun. 28, 2022

Today, the Forta Foundation announces an official bug bounty program with Immunefi, aimed at further enhancing the integrity and security of the Network.

Supporting seven chains and monitoring thousands of critical transactions, the Forta community relies on the network to provide critical alerts in real time, essential for security and operations. By establishing an effective bug bounty program, the Forta Network will better safeguard its own  security while securing its position as the de facto choice for on-chain monitoring.

Forta is a real-time detection network for security & operational monitoring of blockchain activity. Forta’s mission is to monitor all transactions and protect all assets in Web3 and fulfill protocol’s security monitoring needs.   

Immunefi Bug Bounty Program

Bug bounty programs offer a proven and effective way for projects to maintain security while scaling. This program with Immunefi, the leading DeFi bug bounty platform, establishes Forta’s first formal bug bounty program with up to $100,000 per bounty. Read more about payout thresholds, prioritized vulnerabilities, and Immunefi’s threat classification levels on the program’s official page.

“We are proud to serve as the official platform for Forta’s bug bounty program. The notion of providing real-time monitoring is a critical aspect of on-chain infrastructure that the space had not yet addressed. We couldn’t be happier to be making Web3 a safer place, together.” Mitchell Amador CEO and Founder of Immunefi

Areas of Interest

The areas of interest for the bug bounty program are as follows:

– Service wide disruption that impacts the ability of Forta to scan and analyze transactions
– Disruption of bot notifications (multiple channels)
– Reduction of capacity of the Network
– Inability to deploy new detection bots or reassign detection bots
– Inability to register new scan nodes
– Inability to deploy new detection bots or reassign detection bots; work around exist
– Any governance voting result manipulation
– Direct theft of any user funds whether at-rest or in-motion, other than unclaimed rewards
– Permanent freezing of funds
– Protocol insolvency
– Theft of unclaimed rewards
– Permanent freezing of unclaimed rewards
– Temporary freezing of funds for a minimum period of 7 days
– Deregistering/reassigning nodes/detection bots


The rewards by threat level are as follows:

– Critical: $100,000 USD
– High : $50,000 USD
– Medium: 20,000 USD
– Low: $5,000 USD

Smart Contracts
– Critical: $100,000 USD
– High : $50,000 USD
– Medium: 20,000 USD
– Low: $5,000 USD

Websites and Applications
– Critical: $100,000 USD
– High : $50,000 USD
– Medium: 20,000 USD
– Low: $5,000 USD

Threat levels are determined by Immunefi’s internal classification system. Refer to the official program page for areas of interest classified by threat levels and assets in scope. Learn more about Forta by visiting forta.org and reading the documentation at docs.forta.network