>Hello World! Source code is open. Bug bounty and audits.

Hi there, gearpersons! This article will be short and on-point. First of all, Gearbox is now officially a DAO: the protocol control has been given to the community + community-enacted multisig. Now let’s get to business!

This was it: 0xe1a523f352084841bd6ff60406e8ba4215caf1c1cd96d3ed6c02eb09b7a97f26

Source code is open + verified on Etherscan

First of all, 10 months of daily work are now open-source. Gearbox Protocol is also deployed on the Kovan network. To test your integrations, you can use the following deployments: see the info here.

GitHub - Gearbox-protocol/gearbox-contracts: Gearbox core contracts V1

If you want to know a story about how it all started, see Mikael’s thread:

The dApp (interface) is not yet open-source. It does not mean the protocol access is gated or anything is siloed. It’s just to avoid lousy forks at the start. It should be shipped open-source within the next few months as well. Moreover, the DAO should take as its mission to decentralize the UI & perhaps even incentivize the building of new UIs. However, since the App logic is not as simple, it might not be realistic to create many different versions.

Learn about the DAO governance setup and contribute!


  • Consensys Diligence Fuzzing (04/10/2021–13/12/2021): report
  • ChainSecurity (31/08/2021–13/12/2021): report
  • MixBytes (06/07/2021–22/12/2021): report
  • Peckshield (22/07/2021–10/08/2021): report
  • Peckshield (09/04/2021–03/05/2021): report
Keep in mind that no number of audits can ever guarantee full safety. There are always high risks involved in DeFi, as many platforms are composable and depend on each other, especially Gearbox. There is no guaranteed return on Gearbox — you must understand the risks involved.

Bug Bounty

The scope of the bug bounty covers the core contracts available at this repository: https://github.com/Gearbox-protocol/gearbox-contracts. If you have found a bug that you think is within the security interests of the protocol but is outside the scope of the repository above, please notify us anyway. We can decide ad-hoc together with you. All the info is here:

Audits & Bug Bounty - Gearbox Protocol

Contribute + developer docs

Developer docs are currently somewhat raw and will be updated shortly:

Deployed Contracts – Nextra

Gearbox is composable by design, so as a community, we should uphold the ethos of collaboration. Dev contributions are an essential part of achieving that, so please join the community and contribute. Be at the start of a new primitive coming to life — let’s push it forward together!