BugHunters — Bug Bounty Platform
    Back to Programs
    Raydium

    Raydium

    Crypto/DeFi

    Automated market maker and liquidity provider on Solana, offering swaps, concentrated liquidity pools, and token launches.

    https://raydium.io

    Max Reward

    $50,000

    Total Paid

    $500,000

    Resolved

    34

    Avg Response

    3 days

    In-Scope Assets

    raydium.io

    Swap, pools, and farming interface

    CLMM Contracts

    Concentrated liquidity pool contracts

    AcceleRaytor

    Token launch platform

    Raydium SDK

    TypeScript SDK and integration tools

    Out of Scope

    • Third-party frontend integrations
    • Community created pools
    • Documentation

    Severity Levels & Rewards

    Critical

    RCE, authentication bypass, privilege escalation, fund extraction

    High

    Stored XSS, CSRF with impact, API abuse, data manipulation

    Medium

    Reflected XSS, data leakage, logic flaws, information disclosure

    Low

    Verbose errors, minor config issues, low-impact info disclosure

    Active Bounties (1)

    IDTitleSeverityStatusRewardSubmissions
    RAY-001Concentrated liquidity pool drain via tick manipulation
    Critical
    Open
    		$15,000–$50,0000

    Rules of Engagement

    • Do not access, modify, or delete data belonging to other users.

    • Do not perform denial-of-service attacks or automated scanning at high volume.

    • Report vulnerabilities promptly and provide sufficient detail to reproduce.

    • Allow reasonable time for fix before public disclosure (90 days).

    • Safe harbor: We will not pursue legal action against researchers acting in good faith within these rules.