Port Finance Bug Bounty

Port Finance Bug Bounty

Port Finance aims to provide a whole suite of money market products. They aim to provide variable rate lending, fixed rate lending and also interest rate swap products. Their backers include Jump Capital, Alameda Research, Defi Alliance, a41 and founders of other Solana projects such as Mercurial, Solanium and Raydium.

They are the first variable rate lending product that is live on Solana. Currently, Port Finance supports 13 different assets from the Solana, Ethereum, Terra and Bitcoin networks.

In December 2021, they launched their first fixed rate lending product Sundial and they believe that the fixed rate lending protocol will unleash the true potential of the Solana blockchain by providing an effective interest rate discovery mechanism using Serum.

Your Goal: Explore Port Finance and report smart contracts bugs that could cause 1) Loss of any user funds 2) Insolvency of the platform


🥇Reward tiers by threat level:

  1. Critical
    1. Prize Amounts: Up to $500,000 & a minimum of $50,000 ( At the discretion of the team)
  2. High
    1. Prize Amounts: $20,000

Note: You can make reasonable assumptions about the severity based on your experience and include the same in your application.

Assets in scope:

Smart Contract - Port Finance Variable Rate Lending
Smart Contract - Port Finance Staking

Out of scope:

How to Submit a Bug Report

  1. Check out the assets in scope mentioned above
  2. If you have a Bug to report, you can submit it here
  3. An introductory mail will be sent connecting you with the sponsor.
  4. You can share further details with regards to your report.


Terms & Conditions:

General Conduct

  • Do not publicly disclose a bug before the appropriate permissions have been provided by the sponsor.
  • Submitting work that is not yours will get you disqualified.
  • The bounty is subject to final review by the sponsors of the particular bounty.
  • Practice reasonable, responsible, and transparent behaviour during the entire process.
  • The bug bounty campaign is always ongoing, and we welcome any issue you want to report.


  • Ensure that if we find a similar bug reported from different individuals, the first one who reported it would be considered for the rewards.
  • Rewards to the participants are based on the issue and its type.
  • Payouts are done in USDCPORT or a combination of both, at the discretion of the team.

Participation in this bounty is entirely voluntary. Bounties are a way to learn and dabble in opportunities to build in web3. These are neither full time jobs nor project based engagement. Please be advised that the sponsors will not have time for individualized feedback due to the number of entries we receive. Please check out