Bug bounty presence & max payout

Concrete's assessment for RD-F-007 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cantina $250,000 USDC bug bounty is active for Concrete — targeting core vault infrastructure, strategy integrations, and withdrawal safety. No Immunefi program (HTTP 404). The $250K total pool is below the ≥$500K green threshold. Per-severity maximum payout not publicly specified. Yellow ($50K–$499K effective range; scope covers core contracts).

Sources #

URL
Immunefi Concrete (not found)Immunefi 404 — no programretrieved 2026-05-17
URL
Cantina x Concrete Bug Bounty AnnouncementCantina $250K USDC bug bounty announcementretrieved 2026-05-17

Methodology #

Check whether a public bug bounty program is active for this protocol and record the maximum payout in USD.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol concrete factor RD-F-007 score yellow collected_at 2026-05-17 14:36:59