Security
Security Policies for Threshold Network
Last updated
Was this helpful?
Security Policies for Threshold Network
Last updated
Was this helpful?
Find bugs and vulnerabilities on Threshold Network and get paid up to $500,000
Threshold Network has a .
The details for the Bug Bounty are maintained and updated at the . There you can explore the assets in scope of the Bounty and the different rewards by threat level. As a guide, the initial bounty program launched with the following rewards according to the severity of the threats found:
Smart Contracts
Critical Level: USD $100,000 to USD $500,000
High Level: USD $10,000 to USD $50,000
Medium Level: USD $1,000 to USD $5,000
Low Level: USD $1,000
Websites and Applications
Critical Level: USD $10,000 to USD $25,000
High Level: USD $1,000 to USD $10,000
Medium Level: USD $1,000
A great place to begin your research is by working on our testnet. Please see our to get started. We ask that you please respect network machines and their owners. If you find a vulnerability that you suspect has given you access to a machine against the owner's permission, stop what you're doing and create a report using the immunefi dashboard for researchers.
Rewards are distributed according to the impact of the vulnerability based on the . This is a simplified 4-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported.
Threshold DAO will try to make an initial assessment of a bug's relevance, severity, and exploitability, and communicate this back to the reporter. The Threshold DAO will compensate findings on a case-by-case basis. We value security researchers and we encourage you to contact us to discuss your findings.
We also ask all researchers to please submit their reports in English.
Please, verify the list of assets in-scope and out-of-scope available as part of the . Additionally, security researchers are encouraged to submit issues outside of the outlined Impacts and Assets in Scope. If you can demonstrate a critical impact on code in production for an asset not in scope, Threshold DAO encourages you to submit your bug report using the “primacy of impact exception” asset in Immunefi.