gTokens Bug Bounty (Up to $100,000)

Credit: The rules were inspired by AAVE’s bug bounty.

We’re very happy to announce that the first two gTokens (gcDAI & gcUSDC) are now fully functioning on mainnet, the code has been reviewed, tested and audited internally several times but in order to achieve the maximum level of security there will also be audits by third parties and the bug bounty that is presented in this post.


1-Public disclosure of a vulnerability would make it ineligible for a reward.

2-Duplicated issues are not eligible for reward. The first submission would be the eligible one.

3-Rewards will be decided on a case by case basis and the bug bounty program, terms, and conditions are at the sole discretion of Growth DeFi.

4-Technical knowledge is required for the process.

5-Rewards will vary depending on the severity of the issue. Other variables considered for rewards include: the quality of the issue description, the instructions for reproducibility, and the quality of the fix (if included).

6-Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of Growth DeFi.

7-Submissions needs to be related with the Bounty Scope. Submissions out of the Bounty Scope won’t be eligible for a reward.

8-Any interference with the protocol, client or platform services, on purpose or not during the process will make the submission process invalid.

9-Our bug bounty follows a similar approach as Ethereum Bug Bounty. The severity of the issues will be based according to the OWASP risk rating model based on Impact and Likelihood.

10-Terms and conditions of the bug bounty process may vary over time.


Vulnerabilities Classification


An issue that might cause immediate loss of > 10% of the funds, or permanent impairment of the protocol state.

Very High / High

An issue that might cause immediate loss of <10% of the funds, or severely damage the protocol state.


An issue that might theoretically cause minimal loss of funds, damage the protocol state, or cause severe user dissatisfaction.

Low / Very Low / Note

An issue that might cause user dissatisfaction or minimal failure.

Bounty Scope

The bug bounty is applicable to the following repository:


In order to submit a bug send an email to including as many details as possible about the vulnerability, the components affected, the reproduction of the issue and possible fixes.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Growth DeFi

Growth DeFi

Leveraging the power of DeFi protocols to maximize capital efficiency