CLMM bug bounty details

This page covers program-specific scope and assets for Raydium’s concentrated liquidity market maker (CLMM).

Raydium’s full bug bounty program with Immunefi can be found at: https://immunefi.com/bounty/raydium/

Documentation

Raydium CLMM v3 overview document

Testnet reference

A public Solana testnet deployment exists at:

https://explorer.solana.com/address/proKtffCScMcwkFkPHFcuHawN7mWxRkhyh8PGxkTwYx

Public testnets are provided for reference only. Testing on public testnets or mainnet is prohibited. All testing must be conducted on private test environments.

Assets in scope

Only contracts listed in the repository below are considered in scope for the CLMM bug bounty:

https://github.com/raydium-io/raydium-clmm

If a critical impact affects any other Raydium-managed asset not listed here, but the impact matches those defined in the bug bounty overview, it may still be submitted for consideration.

Disclosure and contact

For vulnerabilities not submitted via Immunefi, please email:

📧 [email protected]

Include:

A detailed description of the attack vector
A proof of concept for high and critical severity issues

The team will respond within 24 hours with next steps or follow-up questions.

Last updated 4 days ago

Was this helpful?

Good afternoon

hashtagDocumentation

hashtagTestnet reference

hashtagAssets in scope

hashtagDisclosure and contact

Documentation

Testnet reference

Assets in scope

Disclosure and contact