Bug Bounty Program

Introduced & approved by the DAO in PGP-28 l Immunefi Bug Bounty Program, the Parallel Bug Bounty Program is live since June 30 2025 via ImmuneFi, and accessible here:

Parallel Bug Bounties | ImmunefiImmunefi

Rules

A maximum reward of $250,000 USD is available for the most critical impacts of Parallel Protocol’s bug bounty program. Reward amounts are adjusted depending on the impact and the volume of the funds at risk (e.g. the maximum reward would only be paid if it is proven that a vulnerability would allow exploitation of protocol’s total value locked).

A minimum reward of $50,000 USD should be paid for other critical bugs in order to incentivize security researchers against withholding reports. Moreover, the validity of every single bug report is determined not by Immunefi, but by Parallel’s bug bounty program administrators. However, the Immunefi mediation team is available whenever there are any disputes in any of the bug report submissions. Cooper Labs, Mimo Labs, and the Immunefi teams determined these amounts according to industry best practices and by benchmarking the programs of similar projects on our platform.

The complete program rules can be analyzed here.

Mimo Labs and Cooper Labs have been appointed as administrators of the bug bounty program. They are responsible for validating bug reports and have the authority to transfer funds from the insurance fund without proposal, conditioned to a post detailing the bug found, the amount paid and its resolution. They can also update the program at any time.

The bug bounty program service includes the hosting and design of the bounty program, a co-marketing plan, 24/7 coverage managed triage plan, one mitigation review, and free access to a Safe Harbor module. This means Immunefi’s internal triage team filter all spam and low-quality reports, and manage other initial engagements with the security researchers as per its Time Saver plan, helping to minimize the time triaging reports by Parallel’s administrators. Immunefi’s Safe Harbor is a legal framework developed by the Security Alliance (SEAL) for protocols to empower whitehat security researchers to rescue funds during a blackhat attack and redirect those funds back to a protocol-controlled vault on Immunefi’s platform, in exchange for up to 60% of the max critical reward to deter against abuses.