Bug bounty presence & max payout

BENQI's assessment for RD-F-007 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Immunefi bug bounty program active for BENQI since August 2021, last updated November 27 2025. Maximum payout: $500,000 for critical smart contract vulnerabilities. 38 assets in scope including qiBUSD, qiUSDC, qiETH, qiLINK, qisAVAX, QI token, ecosystem market tokens. Both lending and sAVAX surfaces are in scope. Green: active program with max payout exactly $500K (meets ≥$500K threshold).

Sources #

URL
BENQI Bug Bounty — ImmunefiImmunefi BENQI bug bounty program — $500K max, active since August 2021retrieved 2026-05-16
URL
BENQI Bug Bounty Scope — ImmunefiImmunefi BENQI scope — 38 in-scope assets covering both lending qiTokens and sAVAXretrieved 2026-05-16

Methodology #

Check whether a public bug bounty program is active for this protocol and record the maximum payout in USD.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol benqi factor RD-F-007 score green collected_at 2026-05-16 11:02:12