Blend v1 audits can be found here: https://docs-v1.blend.capital/audits-and-bug-bounties
{% file src=".gitbook/assets/Script3 - Certora - Blend v2 - Formal Verification Draft v2 Report - June 2025.pdf" %}
{% file src=".gitbook/assets/Script3 - Certora - Blend v2 - Security Assessment Draft v3 Report - April 2025.pdf" %}
{% file src=".gitbook/assets/Code4rena x Blend V2 audit report.pdf" %}
The blend community is also offering bug bounties. Those are listed here:
-
Markus' Bug Bounty
Markus, CEO of Script3, is personally offering a 9 million BLND bug bounty for issues found in the core Blend protocol contracts. This covers the Lending Pool contract, Backstop contract, Pool Factory contract, and Emitter contract. The bounty will not be awarded for any of the issues covered in the #known-issues section of the docs.
- Criteria:
- Critical: Vulnerabilities that immediately result in a loss of user funds with minimal preconditions
- High: Vulnerabilities that may result in a loss of user funds but are potentially difficult to exploit.
- Medium: Vulnerabilities that may result in denial of service scenarios or degraded usability.
- Low: Low probability vulnerabilities, which are still exploitable but require extenuating circumstances or undue risk.
- Info: Best practices to mitigate future security risks. These are classified as general findings.
- Payouts:
- Critical: 500,000 to 2,000,000 BLND
- High: 100,000 to 500,000 BLND
- Medium 10,000 BLND
- Low 1,000 BLND
- Payout amounts within ranges are up to the discretion of Markus
- Contact Info:
- Twitter: https://x.com/markus_0_
- Criteria: