Find real bugs.
Get paid what they're worth.

A private, invite-only Web3 security network. CertiK reproduces and rates every finding independently — so severity isn't quietly negotiated down to dodge a payout. Protocols get findings they can act on, not a flooded inbox.

$250K
Max bounty
100%
CertiK-verified findings

Backed by CertiK: 5,181 projects secured, $500B+ assessed since 2018.

Currently invite-only for vetted researchers and selected protocol partners.

How CertiK Hunt works

report.private
TitleReentrancy in withdraw() drains vault
SeverityCritical
Affected assetVaultV2.sol · 0x6b…a91c
Proof of concept
const before = vault.balanceattacker.call{value: 0}(...)assert(vault.balance < before)
Attachmentexploit-poc.ts
Submit report
01
Submit a Bug Report

Qualified security researchers identify vulnerabilities in participating projects and submit their reports through the platform.

02
Verification and Triaging

Each submission is independently reviewed by CertiK — including a severity assessment set by CertiK, not the protocol — and delivered to the project along with the researcher's original report.

03
Reward

Accepted findings are paid out under responsible disclosure. CertiK runs triage and payouts; the protocol ships the fix.

why certik hunt?

Built for signal, not noise

Real vulnerabilities. Real rewards.

Vetted on both sides

CertiK carefully selects and approves both the programs and the researchers — no open submissions, no anonymous spam.

Independent verification

Every submission undergoes an independent review by CertiK to validate the finding before it is shared with the project.

Confidential by default

Every submission is handled confidentially, with security and privacy maintained throughout the process.

For researchers and protocols

A private network connecting vetted researchers with serious protocols, with CertiK validating findings in between.

Researchers

High-quality programs

Vetted, funded programs with active scopes and clear reward terms.

Independent verification

CertiK reviews reproducibility, severity, and scope before escalation.

Tracked decisions and rewards

Status, rationale, and payout progress stay visible in one place.

Protocols

Only reproduced findings reach your team.

Spam, duplicates, and out-of-scope reports are filtered before review.

CertiK-led triage

A CertiK expert reproduces the finding and rates its severity.

Controlled disclosure

Reports remain confidential through a scoped responsible disclosure process.

Get started with CertiK Hunt

Join a private network where vetted researchers surface real vulnerabilities and protocols get actionable, CertiK-verified findings, with duplicates and out-of-scope reports already filtered.

Researchers

Join as a researcher

Request my invite or redeem an existing code to work live programs with independent triage.

  • Live, funded scopes
  • Independent severity review
Protocols

Run a program

Launch a private CertiK Hunt program with CertiK verifying signal before it reaches your team.

  • Screened intake
  • Private disclosure flow
Read the FAQ