ANON Bounty Program

The ANON Bounty Program provides bounties for bugs. We call on our community and all bug bounty hunters to help us identify bugs in the protocols and clients.

Rules and Rewards

Before hunting down bugs, take a second to read over the rules.

  • Issues that have already been submitted by another user or are already known to the ANON developers are not eligible for bounty rewards.
  • Publicly disclosing a vulnerability makes it ineligible for a bounty.
  • We ask that you start or fork a private chain for bug hunting. Please respect the ANON main and test networks and refrain from attacking them.
  • ANON core developers, employees and other people paid by the ANON project, directly or indirectly, are not eligible for bounty rewards.
  • Anyone who works with the codebase as a professional ANON developer is not eligible for rewards.
  • ANON websites or ANON online infrastructure are not eligible for rewards.
  • The ANON bounty program considers a number of variables when determining bounty rewards. Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the ANON bug bounty panel.

The value of rewards paid out will vary depending on severity. Severity is calculated according to the OWASP risk rating model, based on impact and likelihood.

Reward sizes are guided by the rules below. However, in the end, rewards are determined at the sole discretion of the ANON Bug Bounty Panel.

  • Critical: xxxxx ANON/Points
  • High: xxxx ANON/Points
  • Medium: xxx ANON/Points
  • Low: xx ANON/Points
  • Note: x ANON/Points.

In addition to severity, other variables are considered when the ANON Bug Bounty Panel decides the score. These variables include (but are not limited to):

  • Quality of description. Higher rewards are paid out for clear, well-written submissions.
  • Reproducibility. We require test code, scripts and detailed instructions. The easier it is for us to reproduce and verify the vulnerability, the higher the reward.
  • Quality of fix, if included. Higher rewards are paid out for submissions with clear descriptions of how to fix the issue.

Important Legal Information

The bug bounty program is an experimental and discretionary rewards program for our active ANON community to encourage and reward those who are helping to improve the platform. It is not a competition. You should know that we can cancel the program at any time, and awards are at the sole discretion of the ANON Foundation bug bounty panel. In addition, we are not able to issue awards to individuals who are on sanctions lists or who are in countries on sanctions lists (e.g. North Korea, Iran, etc.). You are responsible for all taxes. All awards are subject to applicable law. Finally, your testing must not violate any law or compromise any data that is not yours.