Vulnerability Disclosure Procedure
At Decentraland, we take every measure necessary to ensure the security of the platform. If you are a security researcher and took a look at some of our code, contracts, or websites and found a vulnerability, you're eligible for a bounty for doing a responsible disclosure of that bug.
1. Code in Scope
The code from the following repositories is in scope of this program:
As well as the following web properties:
2. Report the vulnerability
Please send us this detailed description to [email protected]. Include an ethereum address that you control in order for the bounty to be awarded.
Such report should include:
- Conditions for the bug to be triggered
- Background and information about how the bug was found
- Instructions to find the critical lines affected
- Unit tests or instructions to trigger the bug
Our team will assess each submission individually and assign a level of severity according to its likelihood and impact Compensation will depend on the severity of the issue found.
Low: Up to $1,500 USD
Medium: Up to $3,000 USD
High: Up to $6,000 USD
Critical: Up to $18,000 USD
Note that assesment and award of the bounty might take up to 60 days to process and validate, and that the payment will be conducted in a stablecoin over the Ethereum network.