- Read our guidelines for more details
- Submit findings using the C4 form
| Risk Score | Payout |
|---|---|
| Critical | Up to $100,000 in USDC (depending upon severity and amount of funds at risk, at discretion of Intuition team) |
| High | $3,000 - $5,000 in USDC |
| Medium | $1,000 - $2,500 in USDC |
| Low | $250 - $500 in USDC |
Intuition is an Ethereum-based attestation protocol that makes it easy to create, explore, and incentivize verifiable information. It focuses on a flexible data layer for Web3 where many-to-one relationships between identities and claims are supported and token-based incentive mechanics encourage high-quality data creation. Intuition's flagship app, Portal, enables users to create, navigate, aggregate, and curate attestations about people and entities in the Web3 ecosystem.
- Intuition creates unique identifiers for people/organizations/concepts/etc (known as "atoms", or "identities" in Portal), and semantic triple claims constructred from those identifiers (known as "triples", or "claims" in Portal) on-chain.
- Users can deposit into the "MultiVault" contract to support or oppose atoms and triples. The value of the user's deposit increases or decreases when subsequent users deposit or withdraw from the same vaults, according to various bonding curves.
- Users can stake TRUST to receive protocol emissions each epoch, depending upon their personal utilitzation of the Multivault and the system utilization of all users combined.
- All smart contracts are deployed to the Intuition Network, an EVM-compatible L3, manage the attestation and incentive logic, using $TRUST token as the native currency
- Website: https://intuition.systems
- Documentation: https://www.docs.intuition.systems/
- Whitepaper: https://cdn.prod.website-files.com/65cdf366e68587fd384547f0/66ccda1f1b3bbf2d30c4f522_intuition_whitepaper.pdf
- Discord Community: https://discord.gg/0xintuition
- X: https://x.com/0xIntuition
| Severity level | Description / Examples |
|---|---|
| Critical | Systemic user fund loss or freezing; unauthorized manipulation of critical contract parameters (timelock, pausability); mass-scale unauthorized mint/burn of multivault shares; protocol insolvency. |
| High | Direct theft of individual user funds; long-term freezing of individual user funds; ways to avoid expected fees. |
| Medium | Economic loss not involving direct on-chain asset theft (short-term freezing, gas griefing, unbounded gas, essential functionality temporarily unusable); theft of unclaimed rewards/yield. |
| Low | Behavioral differences from intended behavior or documentation where no funds are at risk; technical issues that lead to impersonation of Intuition team communications; minor logic/documentation mismatches; non-critical edge cases. |
- Repos:
- Smart Contract Deployments: https://www.docs.intuition.systems/docs/developer-tools/contracts/deployments
- Mainnet Deployed Contract Commit:
20181c162502da226ca25c31aef47872369212c9
- Any issues already documented in previously opened issues, previous audits, or otherwise publicly-known vulnerabilities are out-of-scope for bounty rewards (reports duplicating those issues will not be paid).
- This includes issues intentionally left as design choices or mitigated operationally by the team.
Any findings already reported in previous audits are not eligible for new rewards.
- Informational findings (no economic or security impact)
- Design choices documented and accepted by the protocol (e.g., permissioned/centralized upgradeability) unless they lead to a concrete exploit scenario
- Front-end only user errors or UX mistakes that do not lead to contract-level risk
- Rounding differences that have no economic impact
- Known gas consumption characteristics (unless they enable an exploit)
Employees of Intuition and their family members are ineligible for bounties.
