This is the page of the Safe bug bounty program. Find bugs and get rewarded. Earn up to $1,000,000 for every bug you report. Please carefully read through the submission process section and get in touch via bounty@safe.global.
The contracts have been carefully audited by smart contract security experts. For details, please refer to the security audits page.
Many of the Ethereum Foundation’s bug bounty program rules are also applicable for the Safe bug bounty program:
- Issues that have already been submitted by another user or are already known to the Gnosis team are not eligible for bounty rewards.
- Public disclosure of a vulnerability makes it ineligible for a bounty.
- The Gnosis core development team, employees, and all other people paid by Gnosis, directly or indirectly (including the external auditors), are not eligible for rewards.
- The Safe bounty program considers a number of variables in determining rewards. Determinations of eligibility, score, and all terms related to an award are at the sole and final discretion of the Safe bug bounty panel.
The scope of the bug bounty program includes the core contracts related to the following releases of the Safe contracts:
- v1.1.1 (Release details, readme)
- v1.2.0 (Release details, readme)
- v1.3.0 (Release details, readme)
The scope of the bug bounty also includes the allowance module.
Gnosis Safe core contracts
- GnosisSafe.sol
- GnosisSafeL2.sol
- GnosisSafeProxyFactory.sol (formerly ProxyFactory.sol)
- GnosisSafeProxy.sol (formerly Proxy.sol)
- CreateAndAddModules.sol, MultiSend.sol, MultiSendCallOnly.sol, CreateCall.sol
- DefaultCallbackHandler.sol, CompatibilityFallbackHandler.sol, HandlerContext.sol
Addresses for deployed instances of these contracts can be found in the Safe deployments repository.
Safe modules contracts
- AllowanceModule.sol
- Being able to steal funds
- Being able to freeze funds or render them inaccessible by their owners
- Being able to perform replay attacks on the same chain
- Being able to change Safe settings or module settings without consent of owners
- Any files, modules or libraries other than the ones mentioned above
- More efficient gas solutions
- Any points listed as an already known weaknesses
- Any points listed in the audit or formal verification results reports
- Any points fixed in a newer version
Please refer to the readme file and the release details of the respective contract version on Github as well as our developer docs for an extensive overview of the intended behavior of the smart contracts.
For the allowance module, please refer to the corresponding readme file
Any bugs — they do not need to necessarily lead to a redeploy — will be considered for a bounty, but the severity of the threat will change the reward. Below are the reward levels for each threat severity along with an example of such a threat.
An identified attack that could steal funds or tokens or lock user funds would be considered a high threat. Likewise, a reported bug that, on its own, leads to a redeploy of the code will always be considered a high threat.
An identified attack where it is possible to steal funds because of unexpected behavior on the part of the user. Unexpected behavior here means that it is not possible for the user to anticipate and comprehend that the funds will be lost.
A way to avoid transaction fees or an exploit that in some way compromises the experience of other Safe users.
All bounties will be paid in ETH.
Please note that the submission’s quality will factor into the level of compensation. A high-quality submission includes an explanation of how the bug can be reproduced, a failing test case, a valid scenario in which the bug can be exploited, and a fix that makes the test case pass. High-quality submissions may be awarded amounts higher than the amounts specified above.
Please email your submissions to: bounty@safe.global.
Don’t forget to include your ETH address, so that you may be rewarded. If more than one address is specified, only one will be used at the discretion of the bounty program administrators. Anonymous submissions are welcome, too.
Please consult our privacy policy for further details on how we handle submissions.
If you comply with the policies below when reporting a security issue to us, we will not initiate a lawsuit or law enforcement investigation against you in response to your report.
We ask that:
- You give us reasonable time to investigate and mitigate an issue you report before making public any information about the report or sharing such information with others.
- You make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) destruction of data and interruption or degradation of our services.
- You do not exploit a security issue you discover for any reason. This includes demonstrating additional risk, such as an attempted compromise of sensitive company data or probing for additional issues.
- You do not violate any other applicable laws or regulations.
Public disclosure of the bug or the indication of an intention to exploit it on Mainnet will make the report ineligible for a bounty. If in doubt about other aspects of the bounty, most of the Ethereum Foundation bug bounty program rules will apply here.
Any questions? Reach us via email (bounty@safe.global) or Discord. For more information on the Safe, check out our website and our Github.
Happy hunting!
This list includes valid submissions from past and current contract versions for which a bounty has been paid.
We use a MultiSend library to batch multiple transactions together. A transaction could be created that would self-destruct the contract. While this would not have put any funds at risk, user experience would have been seriously impacted.
We have updated the library as well as our interfaces. Details about the fix can be found on Github.
This bug was submitted by Micah Zoltu. It was regarded as "Low Threat", and a bounty of 1,000 USD has been paid out.
Since the beginning of the bug bounty period, the contract update has been live on the Ethereum Mainnet. We performed extensive internal testing and also discovered an edge case where a Safe could not receive funds from another contract via send or transfer. This was due to additional gas costs caused by the emission of additional events and gas price changes in the latest hardfork. This issue has been fixed and more details can be found on Github.
There is a bug in the setupOwners function on OwnerManager.sol which allows duplicate owners to be set when the duplicated address is next to itself in the _owners array. This could cause unexpected behavior. While it is not possible to steal funds of existing Safes it is indeed an unexpected behaviour and user funds might be locked. During Safe creation the threshold of a Safe could be set to something unreachable, thereby making it impossible to execute a transaction afterwards.
The Safe interfaces all prevent this from happening by checking for duplicates, but if users directly interact with the contracts this can still happen. The issue is tracked on Github.
This bug was submitted by David Nicholas. It was regarded as "Medium Threat" and a bounty of 2,500 USD has been paid out.
The contracts allow to set a Safe as an owner of itself. This has the same effect as lowering the threshold by 1, as it is possible for anyone to generate a valid signature for the Safe itself when triggering execTransaction. This is especially an issue for Safes with a threshold of 1. If a Safe with threshold 1 adds itself as an owner, anyone can execute transactions.
To our knowledge there is no real use case where it would make sense to set a Safe as an owner of itself. Hence only a few number of Safes used themselves as owners. Most of these Safes could be contacted and the Safe have been removed as an owner. The Safes still affected are Safes used for testing by us or Safes owned by a single owner with a threshold > 1 (so no immediate risk).
To fix this, the next contract update will prevent the Safe as its owner via require(owner != address(this), "Safe can't be an owner"). This check can be performed when adding owners and/or when checking signatures.
Details about this issue can be found on Github.
The bug was submitted by Kevin Foesenek. It was regarded as "Medium Threat" and a bounty of 5,000 USD has been paid out.
The method getModuledPaginated is used to return enabled modules page by page. For this a start and a pageSize need to be specified and the method will return an array of module addresses and next . This next can be used as the start to load the next page. When another page exists then next is a module address. This module address however will not be present in any of the returned arrays. While this does not put any user assets at risk directly, it could lead to a wrong perception of the enabled modules of a Safe and thereby its state.
The workaround is to append the next to the returned array of module addresses if it is not the zero or sentinel address. Alternatively the last element of the returned array can be used as the start for the next page.
This bug was submitted by Renan Souza. It was regarded as "Low Threat", and a bounty of 2,000 USD has been paid out.