Rebel Bot LogoRebelBot
Built on Base • Onchain Verified

No Bugs Left Behind. Onchain. Transparent. Rewarding.

The decentralized bug bounty platform for web3. Report vulnerabilities, earn rewards, build reputation. All verified onchain with EAS attestations.

Submit a BugBrowse Bounties
247
Bugs Reported
89.4 ETH
Bounties Paid
156
Active Hunters
Rebel Bot Mascot
Bug Hunter
EAS Verified
Base Native

Submit a Bug Report

Found a vulnerability? Report it and earn bounties. All submissions are stored on IPFS and verified with EAS attestations on Base.

New Bug Report
Fill out the details below. Your report will be reviewed by project maintainers.

By submitting, you agree that your report will be stored on IPFS and an EAS attestation will be created on Base. Bounty payouts are at the discretion of project maintainers.

Bug Bounty Feed

Browse reported vulnerabilities across web3 projects. All reports are verified onchain with EAS attestations and stored on IPFS.

RB-001CriticalPaid

Reentrancy vulnerability in staking contract

0.5 ETH
Bounty

Found a reentrancy attack vector in the unstake() function that allows draining of staked funds before balance update.

h4ck3r.eth
Base
2024-01-15
Project: DeFi Protocol X
IPFSBasescanEAS VerifiedPoC
RB-002HighReviewed

Integer overflow in token minting

0.25 ETH
Bounty

Unchecked arithmetic in mint function allows overflow attack to mint unlimited tokens.

bugslayer.base
Base
2024-01-14
Project: NFT Marketplace Y
IPFSBasescanEAS VerifiedPoC
RB-003HighOpen

Access control bypass in admin functions

0.3 ETH
Bounty

Missing onlyOwner modifier on setFeeRecipient() allows anyone to redirect protocol fees.

whitehat42.eth
Optimism
2024-01-13
Project: Lending Protocol Z
IPFSPoC
RB-004CriticalPaid

Flash loan oracle manipulation

1.0 ETH
Bounty

Price oracle can be manipulated via flash loan to liquidate positions unfairly.

securityfirst.base
Base
2024-01-12
Project: Perps DEX Alpha
IPFSBasescanEAS VerifiedPoC
RB-005MediumOpen

Front-running vulnerability in swap router

0.15 ETH
Bounty

No slippage protection in swap function allows sandwich attacks on user trades.

defi_guard.eth
Arbitrum
2024-01-11
Project: DEX Aggregator Beta
IPFSPoC
RB-006HighReviewed

Signature replay attack in permit function

0.4 ETH
Bounty

Missing nonce check allows replay of EIP-2612 permit signatures across chains.

chainwatcher.base
Base
2024-01-10
Project: Bridge Protocol Gamma
IPFSBasescanEAS VerifiedPoC
RB-007LowPaid

Denial of service in batch transfer

0.08 ETH
Bounty

Unbounded loop in batchTransfer() can be exploited to DoS the contract via gas limit.

gasoptimizer.eth
Base
2024-01-09
Project: Token Vesting Delta
IPFSBasescanEAS VerifiedPoC
RB-008MediumOpen

Unchecked return value in ERC20 transfer

0.12 ETH
Bounty

Transfer return value not checked, allowing silent failures with non-compliant tokens.

tokenauditor.base
Polygon
2024-01-08
Project: Yield Farm Epsilon
IPFSPoC
RB-009MediumReviewed

Timestamp manipulation in randomness

0.2 ETH
Bounty

Block timestamp used for randomness can be manipulated by miners for favorable outcomes.

randombuster.eth
Base
2024-01-07
Project: Gaming Protocol Zeta
IPFSBasescanEAS VerifiedPoC
RB-010LowPaid

Missing zero address check in constructor

0.05 ETH
Bounty

Constructor does not validate against zero address for critical contract parameters.

nullcheck.base
Base
2024-01-06
Project: Governance Contract Eta
IPFSBasescanEAS VerifiedPoC

Leaderboard

Top bug hunters and reviewers in the Rebel Bot ecosystem. Build reputation, earn rewards, and climb the ranks.

Bug Hunters
RankHunterBugs ReportedReputationTotal Earnings
H4
h4ck3r.eth
0x742d...bD54
47
9,850
15.8 ETH
SE
securityfirst.base
0x789d...bD54
38
9,200
12.4 ETH
WH
whitehat42.eth
0x456d...bD54
31
8,750
10.2 ETH
#4
CH
chainwatcher.base
0xef0d...bD54
25
7,200
7.6 ETH
#5
BU
bugslayer.base
0x123d...bD54
22
6,800
6.1 ETH
#6
DE
defi_guard.eth
0xabcd...bD54
19
6,400
5.4 ETH
#7
RA
randombuster.eth
0x333d...bD54
16
5,100
4.2 ETH
#8
TO
tokenauditor.base
0x222d...bD54
14
4,800
3.8 ETH
247
Total Bugs Reported
89.4 ETH
Total Bounties Paid
156
Active Bug Hunters

How It Works

Rebel Bot makes bug bounty hunting accessible, transparent, and rewarding. Every step is verifiable onchain.

1

Find a Bug

Discover vulnerabilities in smart contracts, DeFi protocols, or web3 applications across EVM chains.

2

Submit Report

Fill out the bug report form with details, PoC links, and evidence. Files are stored on IPFS.

3

IPFS Storage

Your report is permanently stored on IPFS, ensuring decentralized and immutable evidence.

4

Review Process

Project maintainers and community reviewers verify and validate your submission.

5

EAS Attestation

Valid reports receive an Ethereum Attestation Service (EAS) badge on Base for onchain verification.

6

Earn Rewards

Get paid in ETH directly to your wallet. Build reputation and climb the leaderboard.

Powered By

Base
IPFS
EAS
wagmi
viem