Coinbase offers a $5 million reward for vulnerabilities reported through its bug bounty program on Cantina, aimed at reinforcing the security of Base and its on-chain products.
In a significant move to enhance the security of its on-chain products and Base layer 2 network, Coinbase, the leading cryptocurrency exchange, has launched a $5 million bug bounty program on Cantina. This initiative marks one of the largest web3 security initiatives to date, focusing on strengthening the security of smart contracts deployed on the mainnet by Coinbase.
The program covers all smart contracts used by Coinbase products or having production use-cases, including contracts for Base, Coinbase’s Ethereum layer 2 network, and aims to identify and fix critical vulnerabilities in them.
The scope is limited to smart contracts actively used in production on the mainnet. Coinbase reserves the right to reward vulnerabilities in out-of-scope contracts at its discretion. Off-chain vulnerabilities should be reported via Coinbase’s existing HackerOne bounty program.
Reward tiers for the program range from critical vulnerabilities, which could earn researchers up to $5,000,000, to low severity vulnerabilities, which could earn up to $5,000. The rewards depend on the significance and reproducibility of the vulnerability, encouraging clear and actionable disclosures.
Researchers submit their findings via Cantina’s platform, where each report is triaged by experts. Cantina's platform streamlines review workflows for security submissions, lowering the number of low-value submissions by combining AI-powered tools with expert-led triage.
This bounty builds on prior security collaborations between Coinbase and Cantina, including audits of key components like WebAuthn modules and Nitro Validators. It is part of Coinbase’s ongoing commitment to web3 security and reflects heightened priority on safeguarding user funds and infrastructure following recent security challenges.
The strategic importance of this program lies in its potential to proactively harden Coinbase's decentralized products, given the rapid institutional adoption of Base, with notable integrations like JPMorgan’s JPMD token and Shopify’s USDC payments. This makes its security critical for broader ecosystem trust.
In a separate event, a court has ruled that the IRS can collect Coinbase user data without warrants, signalling a different regulatory landscape for the cryptocurrency industry. Despite this, Coinbase remains committed to open collaboration with the security research community.
This program expands on Coinbase’s earlier collaboration with Cantina, setting a new security standard for large-scale web3 organizations. It complements similar efforts by Optimism (OP) to secure the OP Stack, further strengthening the security of the cryptocurrency ecosystem.
- Coinbase, a leading cryptocurrency exchange, launched a $5 million bug bounty program on Cantina to strengthen the security of its smart contracts deployed on the mainnet.
- The program targets vulnerabilities in smart contracts used by Coinbase products or with production use-cases, including contracts for Coinbase’s Ethereum layer 2 network, Base.
- Researchers can submit their findings via Cantina’s platform, where each report is triaged by experts, and rewards depend on the significance and reproducibility of the vulnerability.
- This initiative is part of Coinbase’s ongoing commitment to web3 security, reflecting a heightened priority on safeguarding user funds and infrastructure.
- The strategic importance of this program lies in its potential to proactively harden Coinbase's decentralized products, given the rapid institutional adoption of Base, with notable integrations like JPMorgan’s JPMD token and Shopify’s USDC payments.
- Despite a court ruling allowing the IRS to collect Coinbase user data without warrants, Coinbase remains committed to open collaboration with the security research community.