Welcome to the Web3 Bug Bounty Collection repository! This project aims to curate a comprehensive list of independently hosted bug bounty programs within the Web3 ecosystem that offer substantial rewards, with payouts ranging into six figures. As the Web3 space continues to grow, security becomes paramount, and these bug bounty programs play a crucial role in identifying and mitigating potential vulnerabilities.
Web3 refers to the next evolution of the internet, where decentralization and blockchain technologies are integrated to create a more user-centric and trustless online experience. This includes decentralized applications (dApps), blockchain networks, smart contracts, decentralized finance (DeFi) protocols, and more.
Bug bounties are initiatives set up by projects and organizations to incentivize ethical hackers and security researchers to find and report potential security vulnerabilities within their systems. By rewarding these researchers for responsibly disclosing vulnerabilities, projects can proactively improve their security posture and protect their users' assets and data.
Project Name | Highest Bounty | Link |
---|---|---|
Stargate Finance | $15,000,000 | Stargate Finance Docs |
Frax Finance | $10,000,000 | Frax Finance Docs |
OpenSea | $3,000,000 | HackerOne |
Uniswap | $2,250,000 | Bug Bounty Program |
Aptos Foundation | $1,000,000 | SECURITY.md |
0x Protocol | $1,000,000 | 0x Protocol Docs |
Convex Finance | $250,000 | Convex Finance Docs |
AAVE | $250,000 | aave/bug-bounty |
Ethereum Foundation | $250,000 | Bug Bounty Program |
Compound | $250,000 | Compound Docs |
PoolTogether | $25,000 | PoolTogether Docs |
If you know of any Web3 bug bounty programs that are independently hosted and offering substantial rewards (in the six-figure range), we encourage you to contribute to this collection! Follow these steps:
- Fork this repository to your GitHub account.
- Create a new branch for your contributions.
- Add the relevant information about the bug bounty program to the `README.md` file in the following format:
| [Project Name](https://project-homepage.com) | $X,XXX,XXX | [Link Description](https://project-homepage.com/bug-bounty) |
- Make sure the information is accurate and up-to-date. Entries are sorted by highest bounty in descending order.
- Create a pull request to merge your changes into the main repository.
Please ensure that all the bug bounty programs listed here are legitimate and adhere to responsible disclosure practices.
The information provided in this repository is for informational purposes only. We do not endorse or guarantee the legitimacy or effectiveness of any bug bounty program listed here. Participate in bug bounty programs at your own risk. Make sure to review the specific terms and conditions of each program before participating.
This repository is licensed under the MIT License. By contributing to this project, you agree to license your contributions under the same license.
Happy bug hunting in the Web3 space! Together, we can strengthen the security of the decentralized future.