Centrifuge Protocol
Bounty Range
$5,000 - $250,000
external program
Centrifuge V3.1 is an open, decentralized protocol for onchain asset management. Built on immutable smart contracts, it enables permissionless deployment of customizable tokenization products.
Build a wide range of use cases—from permissioned funds to onchain loans—while enabling fast, secure deployment. ERC-4626 and ERC-7540 vaults allow seamless integration into DeFi.
Using protocol-level chain abstraction, tokenization issuers access liquidity across any network, all managed from one Hub chain of their choice.
No Unauthorized Testing on Production Environments: Do not test vulnerabilities on mainnet or public testnet deployments without prior authorization. Use local test environments or private test setups.
No Public Disclosure Without Consent: Do not publicly disclose details of any vulnerability before it has been addressed and you have received written permission to disclose.
No Exploitation or Data Exfiltration: Do not exploit the vulnerability beyond the minimum steps necessary to demonstrate the issue. Do not access private data, engage in social engineering, or disrupt service.
No Conflict of Interest: Individuals currently or formerly employed by Centrifuge, or those who contributed to the development of the affected code, are ineligible to participate.
Report vulnerabilities directly through the Spearbit/Cantina platform. Please include:
Reports should be made as soon as possible—ideally within 24 hours of discovery.
To be eligible for a reward, you must:
You must also be of legal age in your jurisdiction and must not be a resident of a country under sanctions or restrictions, as required by applicable laws.
Vulnerabilities are classified using two factors: Impact and Likelihood. The combination of these factors determines the severity and guides the reward amount.
Risk Classification Matrix
| Severity Level | Impact: Critical | Impact: High | Impact: Medium | Impact: Low |
|---|---|---|---|---|
| Likelihood: High | Critical | High | Medium | Low |
| Likelihood: Medium | High | High | Medium | Low |
| Likelihood: Low | Medium | Medium | Low | Informational |
Impact Definitions:
Critical: Leads to severe loss of user funds, permanent system disruption, or widespread compromise. An issue that results in losses (by stealing, wasting or permanently freezing) amounting to more than 10% of the total TVL is considered a critical impact.
High: Causes notable financial loss or significantly harms user trust, but on a lesser scale than Critical.
Medium: Results in limited financial damage or moderate system impact.
Low/Informational: Minimal direct risk but may indicate areas for improvement.
Likelihood Definitions:
High: Very easy to exploit or highly incentivized.
Medium: Exploitation is possible under certain conditions.
Low: Difficult to exploit or requires highly specific conditions.
Maximum Rewards:
Any issue where one pool manager can impact other pools will be paid at most 50% of the max critical payout ($125,000), since this is a controlled set (pool managers are whitelisted).
Any cross-chain messaging DoS issue (regardless of the impact of the DoS issue) is at most high severity.
Any issue that requires integration of the SimplePriceManager and/or NAVManager contract (i.e., it relies on onchain accounting) is at most medium severity.
Any DoS issue which is localized to a contract that can be disabled through role updates (such as the QueueManager that can be disabled by removing its balance sheet manager role) is at most medium severity.
Any issue related to bypassing transfer hooks is at most medium severity.
Any issue that causes loss of funds in the refund escrow (outside of spamming through vaults, which is fully out of scope) is at most medium severity.
By submitting a report, you grant Centrifuge the rights necessary to investigate, mitigate, and disclose the vulnerability. Reward decisions and eligibility are at the sole discretion of Centrifuge. The terms, conditions, and scope of this Program may be revised at any time. All participants are responsible for reviewing the latest version before submitting a report.