Augur Bounty Program

Submit a bug or vulnerability on HackerOne, or email the Forecast Foundation directly.

The Augur Bounty Program provides public bounties for the disclosure of vulnerabilities and bugs. The Forecast Foundation calls on all community members, security engineers and hackers to help identify bugs in the Augur contracts and codebase. Rewards up to $200,000 USD are available.

Scope & Rewards

Scope

Deployed versions of Augur's contracts can be found on the Ethereum mainnet. For Augur.js, the Augur client and Augur Node, submissions must be valid against their master branches.

Rewards

Bounty payment amounts are decided by assessing severity. The Forecast Foundation calculates the severity level according to the CVSS risk rating model based on both impact and likelihood.

  • Critical: up to $200,000
  • High: up to $5,000
  • Medium: up to $2,500
  • Low: up to $1,000
  • Note: up to $500

You are ineligible for bounty rewards if the vulnerability submitted is already known by the Forecast Foundation, if it's publicly disclosed prior to the completion of the bounty process with the Forecast Foundation, or if it's found to have been exploited on the main Ethereum network.

Frequently Asked Questions

How are bounties paid out?

Rewards are paid out in BTC, ETH, or REP after the submission has been validated by the Forecast Foundation team. Proof of identity is needed.

Who will review my submission?

Determination of eligibility, score, and all related terms of a bounty payout are at the sole and final discretion of the Forecast Foundation.

Can I submit a bug report anonymously?

Of course! You will not be eligible for BTC/ETH/REP rewards. However, you can donate your reward to charity or another cause.

Where can I discuss the bounty program?

You can send an email to [email protected], or join the #bounties channel in the Augur Discord.

Do you have a PGP key?

Yes, it can be found at augur.net/pgp.txt.

Submit a Vulnerability or Bug Report

Or email the Forecast Foundation directly.

Other Bounties

EIP-758 Implementation for Geth and Parity

1,250 REP will be awarded for the 1st implementation (either Geth or Parity) submitted and merged. 750 REP will be awarded for the second implementation submitted and merged.

EIP-234 Implementation for Geth and Parity

250 REP will be awarded for a Geth implementation. 250 REP will be awarded for a Parity implementation.

Gitcoin Bounties

The Forecast Foundation regularly opens bounties on Gitcoin.com. Please check there to see a list of open bounties and corresponding rewards.

Let's Talk #Bounties

Please join us in the #bounties channel in the Augur Discord to discuss bounty requirements and implementation.