Centrifuge expands bug bounty program to cover V3.1 upgrade, offering $250K for critical findings

Centrifuge expands bug bounty program to cover V3.1 upgrade, offering $250K for critical findings

The real-world asset tokenization protocol has logged 480 findings to date with zero exploits since its 2019 mainnet launch

Centrifuge has expanded its bug bounty program to include its V3.1 upgrade, with a top payout of $250,000 for anyone who finds a critical vulnerability.

The updated program launched on July 17, 2025, through the Cantina platform.

The bounty structure

Critical findings earn up to $250,000. High-severity issues pay out $50,000. Medium-severity bugs net researchers $5,000.

Advertisement

The program does come with some scope limitations worth noting. Reduced payouts apply for issues involving specific pool managers or cross-chain functionality.

To date, the bounty program has recorded 480 findings.

Why V3.1 matters

The V3.1 upgrade builds on Centrifuge’s V3 release, which went live in April 2025. That earlier version integrated with Wormhole to enable multichain operations.

Centrifuge also ran a separate security competition on the Sherlock platform with a prize pool of $320,000 USDC.

The protocol has since deployed a V3.2 upgrade on July 8, 2026, that introduced on-chain portfolio management features.

Centrifuge’s security track record

Centrifuge has reported zero exploits since launching on mainnet in 2019. The protocol has undergone more than 24 security reviews over that period.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

Centrifuge expands bug bounty program to cover V3.1 upgrade, offering $250K for critical findings

Centrifuge expands bug bounty program to cover V3.1 upgrade, offering $250K for critical findings

The real-world asset tokenization protocol has logged 480 findings to date with zero exploits since its 2019 mainnet launch

Centrifuge has expanded its bug bounty program to include its V3.1 upgrade, with a top payout of $250,000 for anyone who finds a critical vulnerability.

The updated program launched on July 17, 2025, through the Cantina platform.

The bounty structure

Critical findings earn up to $250,000. High-severity issues pay out $50,000. Medium-severity bugs net researchers $5,000.

Advertisement

The program does come with some scope limitations worth noting. Reduced payouts apply for issues involving specific pool managers or cross-chain functionality.

To date, the bounty program has recorded 480 findings.

Why V3.1 matters

The V3.1 upgrade builds on Centrifuge’s V3 release, which went live in April 2025. That earlier version integrated with Wormhole to enable multichain operations.

Centrifuge also ran a separate security competition on the Sherlock platform with a prize pool of $320,000 USDC.

The protocol has since deployed a V3.2 upgrade on July 8, 2026, that introduced on-chain portfolio management features.

Centrifuge’s security track record

Centrifuge has reported zero exploits since launching on mainnet in 2019. The protocol has undergone more than 24 security reviews over that period.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.