Intuition


The decentralized knowledge network & native blockchain for InfoFi, unlocking the next generation of the internet.

Max bounty: $100,000 in USDC

Intuition Bug Bounty

Award levels

Risk Score | Payout
Critical | Up to $100,000 in USDC (depending upon severity and amount of funds at risk, at discretion of Intuition team)
High | $3,000 - $5,000 in USDC
Medium | $1,000 - $2,500 in USDC
Low | $250 - $500 in USDC

Background on Intuition

What is Intuition?

Intuition is an Ethereum-based attestation protocol that makes it easy to create, explore, and incentivize verifiable information. It focuses on a flexible data layer for Web3 where many-to-one relationships between identities and claims are supported and token-based incentive mechanics encourage high-quality data creation. Intuition's flagship app, Portal, enables users to create, navigate, aggregate, and curate attestations about people and entities in the Web3 ecosystem.

How does it work (high-level)?

  • Intuition creates unique identifiers for people/organizations/concepts/etc. (known as "atoms", or "identities" in Portal), and semantic triple claims constructed from those identifiers (known as "triples", or "claims" in Portal) on-chain.
  • Users can deposit into the "MultiVault" contract to support or oppose atoms and triples. The value of the user's deposit increases or decreases when subsequent users deposit or withdraw from the same vaults, according to various bonding curves.
  • Users can stake TRUST to receive protocol emissions each epoch, depending upon their personal utilization of the MultiVault and the system utilization of all users combined.
  • All smart contracts are deployed to the Intuition Network, an EVM-compatible L3, and manage the attestation and incentive logic, using the $TRUST token as the native currency.

Further technical resources & links

Scope & Severity Criteria

Severity matrix:

Severity level | Description / Examples
Critical | Systemic user fund loss or freezing; unauthorized manipulation of critical contract parameters (timelock, pausability); mass-scale unauthorized mint/burn of multivault shares; protocol insolvency.
High | Direct theft of individual user funds; long-term freezing of individual user funds; ways to avoid expected fees.
Medium | Economic loss not involving direct on-chain asset theft (short-term freezing, gas griefing, unbounded gas, essential functionality temporarily unusable); theft of unclaimed rewards/yield.
Low | Behavioral differences from intended behavior or documentation where no funds are at risk; technical issues that lead to impersonation of Intuition team communications; minor logic/documentation mismatches; non-critical edge cases.

Smart Contracts and Repos in Scope

Out-of-Scope

Known Issues

  • Any issues already documented in previously opened issues, previous audits, or otherwise publicly-known vulnerabilities are out-of-scope for bounty rewards (reports duplicating those issues will not be paid).
  • This includes issues intentionally left as design choices or mitigated operationally by the team.

Previous audits

Any findings already reported in previous audits are not eligible for new rewards.

Specific types of issues excluded

  • Informational findings (no economic or security impact)
  • Design choices documented and accepted by the protocol (e.g., permissioned/centralized upgradeability) unless they lead to a concrete exploit scenario
  • Front-end only user errors or UX mistakes that do not lead to contract-level risk
  • Rounding differences that have no economic impact
  • Known gas consumption characteristics (unless they enable an exploit)

Additional Context

Miscellaneous

Employees of Intuition and their family members are ineligible for bounties.