ZetaChain is committed to security across all aspects of its ecosystem. To that end, ZetaChain has established a bug bounty program to reward researchers, developers, and users who help identify and report security vulnerabilities.
You can access and report issues at https://immunefi.com/bounty/zetachain/.
The scope of this bug bounty program is focused on ZetaChain's smart contracts, public-facing APIs, blockchain protocol/infrastructure, and web applications.
- All reports must be submitted through Immunefi, accessible here.
- Report any suspected vulnerability promptly.
- Do not attempt to exploit a vulnerability without prior authorization.
- Do not publicly disclose a vulnerability before it is reported and patched.
- Do not access data or systems beyond the scope of the vulnerability.
- Do not use social engineering techniques.
- Do not attempt to access accounts or personal data of users.
The rewards for successful vulnerability reports range from $5,000 to $100,000, depending on the severity of the issue. All payouts are to be done by the ZetaChain team through Immunefi.
| Critical | USD $30,000 to $100,000 |
|---|---|
| High | USD $10,000 to $30,000 |
| Medium | USD $10,000 |
| Critical | USD $15,000 to $30,000 |
|---|---|
| High | USD $5,000 to $15,000 |
| Medium | USD $5,000 |
We value responsible disclosure, and we encourage all participants to act responsibly when reporting vulnerabilities.
For any questions or concerns, please contact us at [email protected].