Documentation/Security/Bug Bounty
Security • Bug Bounty Program

Bug Bounty Program

Help secure the Tetreum ecosystem and earn rewards for finding vulnerabilities.

Program Overview

The Tetreum Bug Bounty Program rewards security researchers for responsibly disclosing vulnerabilities in our core protocol, smart contracts, and infrastructure.

$10K+
Total Rewards Paid
14
Bugs Found
72h
Avg Response Time
Reward Structure

Rewards are determined based on severity and impact:

Critical

$1,000 - $5,000

Remote code execution, privilege escalation, fund theft

High

$500 - $2000

Significant security bypass, data exposure, DoS attacks

Medium

$250 - $1000

Authentication bypass, information disclosure

Low

$100 - $500

Minor security issues, best practice violations

Program Scope

✅ In Scope

  • • Core Tetreum protocol
  • • Official smart contracts
  • • RPC endpoints
  • • Explorer infrastructure
  • • Official dApps
  • • Governance contracts

❌ Out of Scope

  • • Third-party dApps
  • • Social engineering
  • • Physical attacks
  • • Previously reported issues
  • • Spam/DoS via transaction fees
  • • UI/UX issues without security impact
Submission Guidelines

Follow these guidelines for valid submissions:

Required Information

  • • Clear vulnerability description
  • • Step-by-step reproduction steps
  • • Proof of concept code/screenshots
  • • Impact assessment
  • • Suggested fix (if possible)

Responsible Disclosure

  • • Report privately before public disclosure
  • • Allow 90 days for fix development
  • • Do not exploit vulnerabilities
  • • Limit testing to minimize impact
  • • Respect user privacy and data

Submission Process

  1. 1. Email [email protected] with your findings
  2. 2. Our team will acknowledge within 72 hours
  3. 3. We'll validate and assess the vulnerability
  4. 4. Reward decision and payment processing
  5. 5. Coordinated disclosure (if applicable)
Hall of Fame

Recognizing our top security researchers:

@ishwinmanoor

Found critical fund drain vulnerability

$10,000
June 2025

@davidraunak

Multiple high-severity findings

$5,000
June 2025

@ranishtarun

RPC endpoint security enhancement

$1,000
June 2025

Ready to Contribute?

Help secure Tetreum and earn rewards for your security research.