The Augur Bug Bounty Program provides public bounties for the disclosure of vulnerabilities and bugs. The Forecast Foundation calls on all community members, security engineers and hackers to help identify bugs in the Augur contracts and codebase. Rewards up to $200,000 USD are available.
Deployed versions of Augur's contracts can be found on the Ethereum mainnet. For Augur.js, the Augur client and Augur Node, submissions must be valid against their master branches.
Bounty payment amounts are decided by assessing severity. The Forecast Foundation calculates the severity level according to the CVSS risk rating model based on both impact and likelihood.
You are ineligible for bounty rewards if the vulnerability submitted is already known by the Forecast Foundation, if it's publicly disclosed prior to the completion of the bounty process with the Forecast Foundation, or if it's found to have been exploited on the main Ethereum network.
Rewards are paid out in BTC, ETH, or REP after the submission has been validated by the Forecast Foundation team. Proof of identity is needed.
Determination of eligibility, score, and all related terms of a bounty payout are at the sole and final discretion of the Forecast Foundation.
Of course! You will not be eligible for BTC/ETH/REP rewards. However, you can donate your reward to charity or another cause.
Yes, it can be found at augur.net/pgp.txt.