.png)
Be rewarded for keeping us safe
Web3 is best captured by the values it represents: Shared ownership, open collaboration, and a call for everyone to contribute to missions they care about in their own way.
Help to reduce the surface area for attacks on the protocol protecting fairness and privacy. And earn bounties while you are at it.
Find
Discover bugs across Automata's product stack, middleware services, or network infrastructure
Include a Proof-of-Concept and specific steps to reproduce your findings in a detailed report
Earn
We will reach out upon receiving a valid submission. Rewards are distributed based on the impact and severity of the bug.
Low-risk
Low impact, low priority
Issue is unlikely to pose an immediate threat to the network, nor put its security at risk
Rewards
USDT or ATA
Medium-risk
Low impact, medium priority
Issue has already impacted the network, with the scope of its impact being limited in nature
Rewards
USDT or ATA
High-risk
Medium impact, high priority
Impact of issue is severe with significant loss of user funds or sensitive data being accessed
Rewards
USDT or ATA
Critical-risk
High impact, high priority
Has resulted in large-scale exploits with loss of user funds or leakage of sensitive data
Rewards
USDT or ATA
Rewards
Submit your report to security@ata.network. All submissions will be vetted by the Automata team
Rules of engagement
Explain the vulnerability in detail
Provide as much information as possible, with clear, reproducible steps or a working Proof-of-Concept. Reports that provide suggestions on how to fix the vulnerability may also be considered for increased bounty rewards.
Responsible disclosure of bugs
Do not disclose the bug publicly until a fix has been found, and refrain from sharing details with any other party. Exposing a vulnerability before remediation can cause irreparable harm to Automata Network and our community.
Do no harm
Make every effort not to compromise or disrupt any of Automata’s products, services or network infrastructure. Avoid privacy or data violations and do not exploit the vulnerability for profit outside of Automata’s Bug Bounty Program.
Early bird gets the worm
Reward goes to the first (valid) report in the case of duplicate reports received. Submit only one vulnerability per report unless there is a need to provide relevance or impact.
