Coinbase Initiates $5M Bug Bounty Program On Cantina For On-Chain Products And Base Smart Contracts


In Brief
Coinbase has launched a $5 million bug bounty program on the Cantina platform focused on securing its active onchain products and Base smart contracts through structured, reproducible assessments by expert researchers.

Cryptocurrency exchange Coinbase has introduced a $5 million bug bounty program through the Web3 security platform Cantina, focusing exclusively on the security of its onchain products and Base’s smart contracts. This initiative aims to establish a new standard for securing global Web3 infrastructures by inviting expert security researchers to engage with Coinbase’s critical systems through a verified and structured process on Cantina.
The program reflects Coinbase’s commitment to institutional-grade security practices across its engineering and security operations. Researchers submitting findings will have their reports reviewed by Web3 security professionals who prioritize both the clarity and severity of vulnerabilities to ensure efficient identification and resolution of high-impact issues.
This program expands on Coinbase’s ongoing collaboration with Cantina, which has previously involved structured security assessments of vital protocol components such as Verified Pools, Fault Proof Audits, Nitro Validator, WebAuthn modules, ERC-6492 validation logic, and SpendPermissionManager. These prior engagements were conducted with defined scopes, comprehensive technical documentation, and production context, providing a solid foundation for the launch of this large-scale public bug bounty initiative.
Coinbase Bug Bounty Targets Mainnet-Deployed Smart Contracts
The program operates exclusively through Cantina’s platform, enabling researchers to perform organized and reproducible assessments within defined scope areas. The submission process is designed to minimize obstacles, ensuring that all findings are evaluated with appropriate context and consistency. Compensation is awarded based on the reproducibility of the issue and its technical importance, with reward levels reflecting the severity of the vulnerability and its impact on live production environments.
The initiative specifically targets the onchain elements of Coinbase’s products, focusing on smart contracts that meet certain criteria: they must be deployed on a mainnet by Coinbase and actively utilized by a Coinbase product or serve a production purpose, excluding proof-of-concept contracts. The program is structured into two distinct tiers. Coinbase reserves the right, at its sole discretion, to issue rewards for vulnerabilities discovered in contracts outside the defined scope if the findings are deemed valuable. Any security issues related to off-chain components should continue to be reported through Coinbase’s existing HackerOne bug bounty program.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.