A bug bounty program with Immunefi was launched on October 11, 2022. This bug bounty program is focused on the Beanstalk smart contracts and preventing the loss of user funds. The maximum bounty is 1,100,000 Beans.

You can find the bug bounty program and submit bug reports here:

In order to be considered for the maximum potential reward, bug reports must come with (1) a Proof of Concept (PoC), and (2) code implementing the fix.

Bug reports that do not come with a PoC and code implementing a fix may qualify for a maximum of up to 30% of the potential reward outlined below, as determined by the Beanstalk Immunefi Committee (BIC). You can read more about the BIC here:

• BIC Process

• BIC Dashboard

All vulnerabilities noted in any audit reports in the Beanstalk Audits repository (or otherwise known by the BIC, BCM, or Root DAO Multisig) are not eligible for a reward.