Somm's mission is to provide secure, transparent, and high‑performance DeFi automation. To reinforce that commitment, we have launched a self‑hosted bug bounty program covering the core Somm smart‑contract stack and supporting infrastructure. We invite security researchers to find, responsibly disclose, and help us remediate vulnerabilities. Rewards of up to USD 50 000 are available, commensurate with the impact and likelihood of each finding.
Component | Repository / Deployment |
---|---|
Somm Web App Front end | github.com/PeggyJV/sommelier-strangelove |
Somm Cosmos application layer | github.com/PeggyJV/sommelier |
Steward off‑chain relayer | github.com/PeggyJV/steward |
Cellar strategy contracts | github.com/PeggyJV/cellar-contracts |
Deployed contracts | sommelier.finance/audits |
Only commits and contract addresses published by the PeggyJV organisation or displayed on the audits page are in scope. Dependencies (e.g., OpenZeppelin) are considered in scope only insofar as their use inside our code introduces a vulnerability.
Response SLA: We acknowledge all reports within 24 hours and aim to provide an initial assessment within 5 working days. Once a fix or mitigation has been deployed and any user risk eliminated, you may coordinate public disclosure with our team.
© 2025 Somm by Bajanss OÜ – Maakri 36-50, Tallinn, Estonia 10145