Bug bounty presence & max payout

Across Protocol's assessment for RD-F-007 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Across runs a self-hosted bug bounty program at https://docs.across.to/resources/bug-bounty with max critical payout $1,000,000. Contact: bugs@across.to. Tier structure: Low $250, Medium $1,000, High $10,000, Critical $1,000,000. Immunefi slug `across` returns 404 suggesting the program is self-hosted rather than on Immunefi. No evidence found that this is an active Immunefi-listed program as of 2026-04-21. Self-hosted program with $1M critical = green (≥$500K active program).

Sources #

URL
https://docs.across.to/resources/bug-bountyretrieved 2026-04-28
URL
Across Protocol bug bounty — self-hosted, $1M critical maxhttps://www.bugbountydirectory.com/programs/acrossretrieved 2026-04-26

Methodology #

Check whether a public bug bounty program is active for this protocol and record the maximum payout in USD.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol across-protocol factor RD-F-007 score green collected_at 2026-04-30 21:19:18