Be rewarded for keeping us safe

Web3 is best captured by the values it represents: Shared ownership, open collaboration, and a call for everyone to contribute to missions they care about in their own way.

Help to reduce the surface area for attacks on the protocol protecting fairness and privacy. And earn bounties while you are at it.

Find

Discover bugs across Automata's product stack, middleware services, or network infrastructure

 Include a Proof-of-Concept and specific steps to reproduce your findings in a detailed report

Earn

We will reach out upon receiving a valid submission. Rewards are distributed based on the impact and severity of the bug.

Low-risk 

Low impact, low priority

Issue is unlikely to pose an immediate threat to the network, nor put its security at risk

Rewards

USDT or ATA

Medium-risk

Low impact, medium priority

Issue has already impacted the network, with the scope of its impact being limited in nature 

Rewards

USDT or ATA

High-risk

Medium impact, high priority

Impact of issue is severe with significant loss of user funds or sensitive data being accessed

Rewards

USDT or ATA

Critical-risk

High impact, high priority

Has resulted in large-scale exploits with loss of user funds or leakage of sensitive data

Rewards

USDT or ATA

Rewards

Submit your report to security@ata.network. All submissions will be vetted by the Automata team

Rules of engagement 

Explain the vulnerability in detail 

Provide as much information as possible, with clear, reproducible steps or a working Proof-of-Concept. Reports that provide suggestions on how to fix the vulnerability may also be considered for increased bounty rewards. 

Responsible disclosure of bugs 

Do not disclose the bug publicly until a fix has been found, and refrain from sharing details with any other party. Exposing a vulnerability before remediation can cause irreparable harm to Automata Network and our community.

Do no harm

Make every effort not to compromise or disrupt any of Automata’s products, services or network infrastructure. Avoid privacy or data violations and do not exploit the vulnerability for profit outside of Automata’s Bug Bounty Program.

Early bird gets the worm

Reward goes to the first (valid) report in the case of duplicate reports received.  Submit only one vulnerability per report unless there is a need to provide relevance or impact. 

Automata Bug Bounty Program

Secure our network and be part of its success story