Gitcoin + Chainlink: Bug Bounty Program

We are proud to announce that we have teamed up with Chainlink to launch a new bug bounty program to help further secure the now widely used Chainlink protocol for decentralized oracles. Chainlink is the market-leading decentralized oracle network that is powering much of the DeFi ecosystem.

This bug bounty program is being funded by the Chainlink Community Grant Program, with over $100k in LINK tokens already being sent into Gitcoin, all of which are ready to be paid out to whitehat hackers and anyone else interested in helping secure Chainlink. 

By working closely with us and the open-source development community, Chainlink is looking to ensure the smart contract economy as a whole is powered by oracles that are as maximally tamper-resistant and secure as possible. This initial grant program is just the beginning as Chainlink plans to scale up their bug bounty over time by continuing to offer more grants paid in LINK to give back to the community supporting them.

For those not familiar with Chainlink, it is a generalized framework for building decentralized oracle networks that grant smart contracts access to secure and reliable data inputs and outputs such as market data, web APIs, payment systems, and more. Chainlink’s Price Reference Feeds have become the go-to resource of market data that is currently securing many leading DeFi products.

Chainlink is most interested in uncovering and mitigating any potential vulnerabilities in their Solidity based smart contracts and Golang/Typescript based core node software. Issues that could lead to a loss of funds for users or node operators will receive the highest bounty rewards.

Want to see a few example use cases of Chainlink in action? Check out some of the Chainlink projects submitted in our recent Unitize Hackathon. With the first round of building out of the way, it’s time go on a bug hunt!


There is a 2X bounty multiplier until September 30th, for a maximum bounty prize of up to $50,000. The payouts vary according to severity. For any reports affecting the Chainlink node client through an on-chain data request, an additional bonus will be provided. 🎉

Severity Payment in LINK
Low $2,000
Medium $4,000
High $8,000
Critical $16,000

Next Steps

Want to get started? Great! Sign up here.

Want to learn more? See the bounty here.

You can find us on the Gitcoin Townsquare if you have questions or want to introduce yourself. Good luck on your bug hunting journey!