BIP-26: Immunefi Bug Bounty Program

Proposed: September 29, 2022

Status: Passed

Link: Snapshot


Beanstalk Farms



Quorum is a majority of the Stalk supply voting For, or about 28,952,861 Stalk voting For based on the time of proposal.


Security is paramount to Beanstalk's success and a core focus for Beanstalk Farms and Bean Sprout. There is currently no formal program for whitehat hackers to get paid for finding bugs in Beanstalk.

Proposed Solution

Create a bug bounty program through Immunefi in order to incentivize whitehat hackers to find bugs in Beanstalk.

Immunefi is a bug bounty platform with a community of whitehat hackers who actively look for bugs and exploits in return for pre-approved bounties. They provide a secure and private system for bug identification and submission and are trusted by protocols such as The Graph, SushiSwap and Arbitrum.

Program Structure

The bug bounty program is focused on the Beanstalk smart contracts and on preventing loss of user funds. The bug bounty program that will go live on the Immunefi website upon the passage of this BIP can be found here:

In summary:


After a bug report is submitted through the Immunefi platform, all members of the BIC are notified via email.

As mentioned in the program structure document above, in order to be considered for the maximum potential reward, bug reports must come with (1) a Proof of Concept (PoC), and (2) code implementing the fix.

The BIC will respond to each bug report as follows:


As soon as possible after completing the above, the BIC will prepare, but not publish, a Beanstalk Immunefi Response (BIR), which includes:

In the instance where there are multiple bugs reported in the same report, a BIR will be prepared for each bug, such that the BIR can be released shortly after the implementation of the fix.

Before a BIR is proposed, its contents are confirmed with the submitter of the bug report via the Immunefi platform. As outlined in the bug bounty structure, in certain instances where the submitting party disputes the BIC’s proposal, Immunefi mediates.

Immediately after the implementation of a fix by the BCM or the Beanstalk DAO, the BIC will:

BIR voting takes place on Snapshot and lasts for 3 days. Only BIC members propose and vote on BIRs, and each member has one vote. BIC members can either vote For or Against a BIR, and a two-thirds majority of the BIC voting For is required to pass.

Once a BIR passes, the BCM executes it by:

The BIC may extend the bug bounty program to account for new assets that are in-scope. For example, after the Beanstalk UI is audited it is appropriate to add it as in-scope for the bug bounty program. Any other changes to the bug bounty program structure require a BOP (or BIP).

BIC Members

We propose the following six members for the BIC:

The following people serve as backups for the BIC, in no particular order:

Adding, removing or rotating members on the BIC requires a majority vote of the BIC on Snapshot.


The BCM executes the will of the BIC as determined by BIRs, up to 3,000,000 Beans total. Any increase to this limit must be granted via BIP. Beans are minted upon passage of a BIR.


Security is paramount to the success of Beanstalk. Immunefi is crypto’s leading bug bounty platform that many other well-known DeFi protocols use to facilitate their bug bounty programs. This bounty program is competitive with the largest programs currently on Immunefi, making it likely to attract whitehat hackers.

This program establishes a method for the reporting and fixing bugs in a way that minimizes the risk to Beanstalk between the report and the fix, as well as the fair and transparent compensation for the reporting of bugs. The program gives bounty hunters a clear process and structure in order to increase the likelihood they attempt to find issues with Beanstalk and its related contracts and code.

The BIC structure of community-known members and public Snapshot proposals allows the Beanstalk community to scrutinize decisions, while still allowing the BIC to move swiftly in response to bug reports. The BIC consists of technical members of the Beanstalk community due to the nature of the BIC. The BIC can keep the bug information private while the bug is unfixed, and then has a clear process to disclose the bug to the public and compensate the submitter of the bug bounty. Having several members increases decentralization. The two-thirds majority required to approve a BIR and the BCM minting the Beans introduces multiple steps to mint Beans as a reward, which improves censorship-resistance.


Immediately upon passage.