Vulnerability Disclosure Procedure

At Decentraland, we take every measure necessary to ensure the security of the platform. If you are a security researcher and took a look at some of our code, contracts, or websites and found a vulnerability, you're eligible for a bounty for doing a responsible disclosure of that bug.

1. Code in Scope

The code from the following repositories is in scope of this program:

As well as the following web properties:

2. Report the vulnerability

Please send us this detailed description to Include an ethereum address that you control in order for the bounty to be awarded.

Such report should include:

3. Compensation

Our team will assess each submission individually and assign a level of severity according to its likelihood and impact Compensation will depend on the severity of the issue found.

Low: Up to $1,500 USD

Medium: Up to $3,000 USD

High: Up to $6,000 USD

Critical: Up to $18,000 USD

Note that assesment and award of the bounty might take up to 60 days to process and validate, and that the payment will be conducted in a stablecoin over the Ethereum network.