CVE Bounty
Security bounties that settle the instant a CVE lands.
Dark security-ops threat console
The problem
Bug-bounty payouts depend on private policy, manual triage, and platform discretion, so researchers and maintainers can be slow-walked or paid below value. There's no way to make qualifying conditions binding and public before a vulnerability is disclosed.
How it works
The mechanism
A poster escrows STT against pre-declared criteria — target product, CVSS floor, vulnerability class, acknowledgment token. A claimant submits a CVE id, which triggers a Somnia agent chain: a JSON-API leg fetches the CVSS base score and advisory description, an EPSS exploit-probability read tiers the payout, and an LLM adjudicates a 'matches criteria' verdict. If everything passes, the contract settles to Paid and transfers to the claimant on-chain within seconds — no committee, no discretion.
Agent pipeline
Who does what
CVSS Verifier
fetchUint pulls the CVSS base score and gates against the bounty's hard severity floor (e.g. 700 = 7.0).
Description Matcher
fetchString pulls the advisory narrative for the adjudication leg to read.
Adjudicator
LLM inferString returns 'matches criteria' / 'doesn't match' on product, vuln type, and ack token.
EPSS Tierer
Reads exploit probability and tiers payout: <0.10 → 50%, 0.10–0.50 → 75%, ≥0.50 → 100%.
CVE-2021-44228 (Log4Shell) claim settled to Paid — 0.02 STT transferred to the claimant (claim tx 0x7c05df83…). View CVEBounty on the Shannon explorer ↗
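To make the gate order and the payout arithmetic concrete, here is an added Python model of the settlement pipeline (example code, not the project's contract or agent code). It assumes the contract compares CVSS as an integer scaled by 100, uses plain substring checks as a stand-in for the LLM adjudication leg, and all bounty and advisory values below are constructed samples.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bounty:
    product: str      # target product the escrow was posted against
    cvss_floor: int   # hard severity floor, base score x100 (700 = 7.0)
    vuln_class: str   # required vulnerability class
    ack_token: str    # acknowledgment token the advisory must carry
    escrow_wei: int   # escrowed STT, in wei

@dataclass(frozen=True)
class Advisory:
    cve_id: str
    cvss_base: float  # published CVSS base score, 0.0-10.0
    description: str  # advisory narrative (the fetchString leg)
    epss: float       # EPSS exploit probability, 0.0-1.0

def scaled_score(cvss_base: float) -> int:
    # Compare as an integer like the on-chain floor; 7.1 * 100 is 709.99... in floats
    return round(cvss_base * 100)

def epss_tier(epss: float) -> int:
    # Payout tiers from the page: <0.10 -> 50%, 0.10-0.50 -> 75%, >=0.50 -> 100%
    if epss < 0.10:
        return 50
    if epss < 0.50:
        return 75
    return 100

def adjudicate(bounty: Bounty, description: str) -> str:
    # Deterministic stand-in for the LLM inferString leg (assumption: substring checks,
    # not the project's prompt); returns the two verdict strings the page names.
    text = description.lower()
    terms = (bounty.product, bounty.vuln_class, bounty.ack_token)
    return "matches criteria" if all(t.lower() in text for t in terms) else "doesn't match"

def settle(bounty: Bounty, adv: Advisory) -> dict:
    """Apply the gates in pipeline order; the first failing gate leaves the bounty Open."""
    if scaled_score(adv.cvss_base) < bounty.cvss_floor:
        return {"state": "Open", "reason": "below CVSS floor", "payout_wei": 0}
    if adjudicate(bounty, adv.description) != "matches criteria":
        return {"state": "Open", "reason": "adjudicator rejected", "payout_wei": 0}
    pct = epss_tier(adv.epss)
    return {"state": "Paid", "tier_pct": pct, "payout_wei": bounty.escrow_wei * pct // 100}

# Constructed sample data (ack token, escrow and EPSS are not values read from the chain)
LOG4J_BOUNTY = Bounty("log4j", 700, "remote code execution", "ACK-DEMO-0001", 2 * 10**16)
LOG4SHELL = Advisory("CVE-2021-44228", 10.0,
    "Apache Log4j JNDI lookup allows remote code execution. ACK-DEMO-0001", 0.97)
```

Note that the EPSS boundaries are inclusive at the top of each tier (0.10 pays 75%, 0.50 pays 100%), so an advisory sitting exactly on a threshold lands in the higher tier.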
Screens
/dashboard
Four-column triage board (Open / Claiming / Paid / Withdrawn) of live bounty cards with CVSS severity meters, beside a streaming signal feed of on-chain claim and settlement events.
Run it yourself