Build on Augur
Join the growing number of developers, projects and companies building on the Augur protocol.
Augur Bug Bounty Program
The Augur core developers calls on all community members, security engineers and hackers to help identify bugs in the Augur contracts and codebase. Rewards up to $25,000 USD are available.
Submit Bug Report
Scope
Deployed versions of Augur's contracts can be found on the Ethereum mainnet. For all other Augur software packages, submissions must be valid against their master branches.
Rewards
Bounty payment amounts are decided by assessing severity. The Augur core developers calculate the severity level according to the CVSS risk rating model based on both impact and likelihood.
You are ineligible for bounty rewards if the vulnerability submitted is already known by the Augur core developers, if it's publicly disclosed prior to the completion of the bounty process with the Augur core developers, or if it's found to have been exploited on the main Ethereum network.
Frequently Asked Questions
How are bounties paid out?
Rewards are paid out in BTC, ETH, or REP after the submission has been validated by the Augur core developers. Proof of identity is needed.
Who will review my submission?
Determination of eligibility, score, and all related terms of a bounty payout are at the sole and final discretion of the Augur core developers.
Can I submit a bug report anonymously?
Of course! You will not be eligible for BTC/ETH/REP rewards. However, you can donate your reward to charity or another cause.
Where can I discuss the bounty program?
You can send an email to bounty@augur.net, or join the #bounties channel in the Augur Discord.
Do you have a PGP key?
Yes, it can be found at augur.net/pgp.txt.