Bug Bounty
Being in the blockchain industry, we are constantly evolving with the high pace of the ecosystem. Being from a security first mindset, value the contribution of external security researchers. Hence, we would like to welcome and seek to reward eligible contributions from security researchers, as outlined below. If you believe that you have found a security vulnerability on any of the technologies by Torus Labs, we encourage you to let us know straight away. We will investigate all legitimate reports and do our best to fix the problem as soon as possible.
Our Bug Bounty Tiers
| Tier | Award | Description | Example |
|---|---|---|---|
| Critical | $10,000 | Bugs that allow theft of user wallets under normal operating conditions | Ex: Ability to access private key from the dApp JS context |
| High | $5000 | Bugs that restrict user access to wallets, cause loss of funds, system failure, or theft of user wallets under restricted operating conditions. | Ex: Ability to reset a user's account to a new private key so they are unable to access their funds |
| Medium | $800 | Bugs that affect user access, cause service downtime, or affect usability of the system. | Ex: Restricting logins for users so they are unable to access their wallet at certain times |
| Low | $200 | Bugs that do not directly compromise security but have the potential to affect users adversely and cause loss of funds | Ex: Spoofing authentication emails, presenting wrong information on the wallet |
info
In order to ensure that your bug report is valid and has not already been reported, please reach out to hello@web3auth.io directly.