Bug bounty presence & max payout

EigenLayer's assessment for RD-F-007 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Immunefi bug bounty program active with confirmed $2M floor (per Stage 1 launch blog, 2023). August 2025 Immunefi disclosure of EigenPods vulnerability handled effectively — demonstrating active program. Live Immunefi page (immunefi.com/bug-bounty/eigenlayer/) returned 404 and docs page (docs.eigencloud.xyz/eigenlayer/security/bug-bounty) returned 403 as of 2026-04-28. Current maximum payout and exact in-scope contract list cannot be verified from live sources. Scored yellow for inaccessible live scope confirmation.

Sources #

Governance
EigenPods Bug Fix Completed — Immunefi disclosure confirmed activeEigenPods Aug 2025 bug forum post — Immunefi disclosure handledretrieved 2026-04-28
URL
EigenLayer Stage 1 Mainnet Launch — bug bounty mentionEigenLayer Stage 1 launch blog — $2M bug bounty via Immunefiretrieved 2026-04-28

Methodology #

Check whether a public bug bounty program is active for this protocol and record the maximum payout in USD.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol eigenlayer factor RD-F-007 score yellow collected_at 2026-04-28 13:58:44