For the DeFi economy to become a consumer-grade banking experience, security has to be at the centre of our platform.

We are pleased to announce that our HackerOne bug bounty program is now public after months as an invite-only bounty program. Combined with our external security audits (see our public GitHub repo) and PCI certification, this puts us in a strong position from a security perspective.

We are calling on security researchers worldwide to help us identify and fix software vulnerabilities on our platform.

What are we interested in?

Software vulnerabilities that affect our users’ assets:

Their crypto holdings;

Their sensitive personal data; and,

Their fiat currency balances.

The most important bugs we are looking for are those that compromise the confidentiality, integrity and availability of users’ assets.

Any vulnerability where an attacker can siphon assets from our users in an unintended way is of most interest to Monolith, and will be rewarded accordingly.

The Bounty

For vulnerabilities relating to our handling of the blockchain and our users’ fiat balances, our bounties will be as follows:

Critical: $10,000

High: $4,500

Medium: $1,500

Low: $200

For vulnerabilities regarding our mobile apps, our bounties will be as follows:

Critical: $2,000

High: $1,000

Medium: $500

Low: $100

Rewards are at the discretion of Monolith and we will not be awarding significant bounties for low severity bugs.

Where do I find out more?

We will be operating the Monolith Bug Bounty program exclusively through HackerOne. Here, you can find more on the scope, SLAs, and all other relevant information around this program.

We are glad to reward any of you who can help make our platform a safer place for our users and turn the DeFi economy into a consumer-grade banking experience.

— The Monolith Team