'%3e%3cpath%20d='M12.4997%201.33325C10.39%201.33325%208.32772%201.95884%206.5736%203.13091C4.81947%204.30298%203.4523%205.96888%202.64496%207.91796C1.83763%209.86704%201.62639%2012.0118%202.03797%2014.0809C2.44955%2016.15%203.46545%2018.0506%204.95721%2019.5424C6.44897%2021.0342%208.34959%2022.0501%2010.4187%2022.4616C12.4878%2022.8732%2014.6326%2022.662%2016.5816%2021.8546C18.5307%2021.0473%2020.1966%2019.6801%2021.3687%2017.926C22.5408%2016.1719%2023.1663%2014.1096%2023.1663%2011.9999C23.1663%209.17094%2022.0425%206.45783%2020.0422%204.45745C18.0418%202.45706%2015.3287%201.33325%2012.4997%201.33325ZM12.4997%2021.3333C10.6537%2021.3333%208.84922%2020.7859%207.31436%2019.7603C5.7795%2018.7347%204.58322%2017.2771%203.8768%2015.5716C3.17039%2013.8662%202.98555%2011.9896%203.34568%2010.1791C3.70581%208.36859%204.59473%206.70554%205.90002%205.40025C7.20531%204.09496%208.86835%203.20605%2010.6788%202.84592C12.4893%202.48579%2014.3659%202.67063%2016.0714%203.37704C17.7768%204.08346%2019.2345%205.27974%2020.2601%206.8146C21.2856%208.34945%2021.833%2010.154%2021.833%2011.9999C21.833%2014.4753%2020.8497%2016.8492%2019.0993%2018.5996C17.349%2020.3499%2014.975%2021.3333%2012.4997%2021.3333Z'%20fill='white'/%3e%3cpath%20d='M19.167%208.06667C19.042%207.9425%2018.8731%207.8728%2018.697%207.8728C18.5208%207.8728%2018.3519%207.9425%2018.227%208.06667L10.8269%2015.4333L6.82695%2011.4333C6.70495%2011.3016%206.53562%2011.2237%206.35621%2011.2169C6.1768%2011.21%206.00201%2011.2747%205.87028%2011.3967C5.73856%2011.5187%205.66069%2011.688%205.65382%2011.8674C5.64694%2012.0468%205.71162%2012.2216%205.83362%2012.3533L10.8269%2017.3333L19.167%209.01333C19.2294%208.95136%2019.279%208.87762%2019.3129%208.79638C19.3467%208.71514%2019.3642%208.62801%2019.3642%208.54C19.3642%208.45199%2019.3467%208.36485%2019.3129%208.28361C19.279%208.20237%2019.2294%208.12864%2019.167%208.06667Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_2790_31187'%3e%3crect%20width='24'%20height='24'%20fill='white'%20transform='translate(0.5)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Bug bounty 
We're a core blockchain infrastructure company. We're creating an open-source creative commons that will enable people to create better institutions through technology.
| Target | Type | Severity | Reward |
|---|---|---|---|
https://github.com/paritytech/parity-bridges-common  Copy  Copied Parity Bridges Common | Code | Critical | Bounty |
https://github.com/paritytech/polkadot-sdk/tree/master/bridges Copy Copied Polkadot SDK: Bridges | Code | Critical | Bounty |
https://github.com/paritytech/polkadot-sdk/tree/master/cumulus/parachains/runtimes/bridge-hubs Copy Copied Polkadot SDK: Bridge hub parachains | Code | Critical | Bounty |
https://github.com/polkadot-fellows/runtimes/tree/main/system-parachains/bridge-hubs Copy Copied Runtimes: Bridge hub | Code | Critical | Bounty |
Copied Parity Bridges Common
Copied Polkadot SDK: Bridges
Copied Polkadot SDK: Bridge hub parachains
Copied Runtimes: Bridge hub
Focus Area
Parity Bridges Common is a collection of components for building bridges. These include Substrate pallets for syncing headers and passing arbitrary messages, as well as libraries for building relayers to provide cross-chain communication capabilities.
Familiarize yourself with the bug bounty program requirements.
In case that your finding is valid you might be asked for extra KYC verification to proceed with payments
Program Rules
Rules of the road
Submission timing
Only submissions received by the official start date are considered. If you suspect that the flaw you found may be fatal for the items in the scope, please do not take further action. Instead, describe your assumptions as detailed as possible in the report.
Report critical flaws
If you identify a significant vulnerability, please stop at the point of recognition, gather the minimum amount of evidence necessary to demonstrate the issue, and report the vulnerability.
Duplicate submissions
Duplicate submissions within 72 hours of each will split the bounty. If duplicate submissions are of unequal quality, the split will be at the level of the lesser report, and the greater report will receive a prorated additional bounty on top of the split. Despite striving to be transparent as much as possible, we do not disclose other participant’s names in such cases.
Accidental access
Notify us immediately at [email protected] if you inadvertently access, modify, delete, or store user data by accident, and delete any stored data after notification.
Respect our infrastructure
Our security team will investigate and potentially increase the bounty if the impact is greater than initially assessed. Please refrain from attempts that could break the systems, as many participants share the bounty program resources.
Rules of conduct
Zero tolerance
Threats or extortion towards members of the Polkadot/Kusama ecosystem, including withholding security issues, releasing vulnerabilities or data to the public or third parties, or engaging in disruptive behavior, will lead to immediate disqualification.
Safe and supportive environment
We reserve the right to disqualify individuals acting in a malicious, disrespectful, or disruptive manner. Such actions undermine the shared goal of creating a safe and supportive space for all.
Disclosure Guidelines
- Do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization
- No vulnerability disclosure, including partial is allowed for the moment.
- Please do NOT publish/discuss bugs
Eligibility and Coordinated Disclosure
We are happy to thank everyone who submits valid reports which help us improve the security. However, only those that meet the following eligibility requirements may receive a monetary reward:
- You must be the first reporter of a vulnerability.
- The vulnerability must be a qualifying vulnerability
- Any vulnerability found must be reported no later than 24 hours after discovery and exclusively through hackenproof.com
- You must send a clear textual description of the report along with steps to reproduce the issue, include attachments such as screenshots or proof of concept code as necessary.
- You must not be a former or current employee of us or one of its contractor.
- ONLY USE YOUR HackenProof ADDRESS (in case of violation, no bounty can be awarded)
- Provide detailed but to-the point reproduction steps
What makes a good submission?
Ultimately, we’re after findings that have a real impact. Purely theoretical findings are sometimes entertaining to investigate, so feel free to send us any. However, it will only be eligible if there is a way to break our systems in practice. Here’s what we’re looking for:
Proof-of-concept
Provide a working proof-of-concept (or equivalent evidence) — assuming that your research didn’t produce unrecoverable changes. This helps us to evaluate whether your submission is within the program’s scope and usable in possible attacks.
Impact vision
Describe the potential impact and attack scenario, including necessary conditions.
Originality
Ensure the bug is original and previously unreported (with no traces of reporting in public issues or internal audits).Where applicable, include links to any issues or PR that lead to your discovery or introduction of the vulnerability.
Legal and privacy
The Bug Bounty Program is a discretionary rewards program designed to encourage and reward those helping to improve the systems we build. It is not a competition, and we can cancel the program at any time. Awards are at our sole discretion.
All Bug Bounty awards are subject to compliance with local laws, rules, and regulations. We will not issue awards to individuals who are on sanctions lists or who are in countries on sanctions lists. We may conduct background checks via our screening tool in order to verify eligibility. You are responsible for all taxes payable on received rewards. All rewards are subject to the laws of England and Wales.Your testing must not violate any law or compromise any IP rights, data, or funds that are not yours.
To participate in the Bug Bounty Program, you will need to share personal data, including your name, email address, ID information and photos, and a blockchain address. The Polkadot and Kusama community are committed to protecting and respecting your privacy. For details on how your personal data is used, please see our Privacy Policy.
Any obligations arising out of or in connection with the Polkadot/Kusama Bridges Bug Bounty Program or its subject matter, will be governed by and construed in accordance with the law of England and Wales. The courts of England and Wales have exclusive jurisdiction to settle any disputes or claims (including non-contractual disputes or claims) arising out of or in connection with the program.
This program strongly supports and encourages security research into Polkadot/Kusama Bridge. If you conduct genuine, in-scope, bug-hunting research in good faith and in accordance with this policy, we will consider your actions to be legitimate and not seek prosecution. But for the avoidance of doubt, this does not give you permission to act in any manner that is inconsistent with the law or might cause us to be in breach of any of our legal obligations.
Rewards '%3e%3cpath%20d='M3%2021H24V24H0V0H3V21ZM6.75%2019.5C6.44587%2019.5006%206.14477%2019.4396%205.8649%2019.3205C5.58502%2019.2015%205.33219%2019.027%205.12167%2018.8075C4.91115%2018.588%204.74731%2018.3281%204.64006%2018.0435C4.5328%2017.7589%204.48436%2017.4555%204.49766%2017.1517C4.51095%2016.8478%204.58571%2016.5498%204.71741%2016.2757C4.84911%2016.0015%205.03502%2015.7569%205.2639%2015.5567C5.49279%2015.3564%205.7599%2015.2046%206.0491%2015.1105C6.3383%2015.0164%206.64358%2014.9818%206.9465%2015.009L9.3645%2010.9785C9.1434%2010.639%209.0181%2010.246%209.00182%209.84115C8.98554%209.43629%209.07888%209.03455%209.272%208.67835C9.46512%208.32215%209.75084%208.02471%2010.099%207.81743C10.4472%207.61016%2010.8448%207.50074%2011.25%207.50074C11.6552%207.50074%2012.0528%207.61016%2012.401%207.81743C12.7492%208.02471%2013.0349%208.32215%2013.228%208.67835C13.4211%209.03455%2013.5145%209.43629%2013.4982%209.84115C13.4819%2010.246%2013.3566%2010.639%2013.1355%2010.9785L15.5535%2015.009C15.6682%2014.9987%2015.7836%2014.9977%2015.8985%2015.006L19.8915%208.019C19.6046%207.59868%2019.4686%207.0935%2019.5058%206.58594C19.543%206.07837%2019.7511%205.59841%2020.0963%205.22442C20.4415%204.85043%2020.9032%204.60449%2021.4062%204.52678C21.9091%204.44906%2022.4236%204.54415%2022.8655%204.79653C23.3075%205.0489%2023.6508%205.44364%2023.8395%205.91631C24.0281%206.38897%2024.051%206.91163%2023.9043%207.39896C23.7576%207.88628%2023.45%208.30948%2023.0317%208.59945C22.6135%208.88942%2022.1093%209.02903%2021.6015%208.9955L17.6085%2015.9825C17.8379%2016.319%2017.9717%2016.7114%2017.9956%2017.118C18.0195%2017.5245%2017.9326%2017.9299%2017.7442%2018.291C17.5558%2018.652%2017.2729%2018.9552%2016.9258%2019.1681C16.5786%2019.381%2016.1802%2019.4957%2015.7729%2019.4999C15.3657%2019.5041%2014.965%2019.3978%2014.6134%2019.1922C14.2619%2018.9865%2013.9728%2018.6893%2013.7769%2018.3323C13.581%2017.9753%2013.4857%2017.5717%2013.5011%2017.1648C13.5165%2016.7578%2013.6421%2016.3627%2013.8645%2016.0215L11.4465%2011.991C11.3158%2012.0031%2011.1842%2012.0031%2011.0535%2011.991L8.6355%2016.0215C8.85679%2016.3611%208.98226%2016.7541%208.99864%2017.159C9.01503%2017.564%208.92172%2017.9659%208.72858%2018.3222C8.53544%2018.6785%208.24963%2018.9761%207.90137%2019.1834C7.5531%2019.3907%207.1553%2019.5001%206.75%2019.5Z'%20fill='%23050505'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_2777_6507'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Stats 
Types'%3e%3cpath%20d='M16%208.10685L12.0364%2013.0212L10.5818%2012.0459L13.7745%208.10685L10.5818%204.16784L12.0364%203.19254L16%208.10685ZM5.69273%204.16784L3.96364%203.19254L0%208.10685L3.96364%2013.0212L5.69273%2012.0459L2.5%208.10685L5.69273%204.16784ZM5.5%2015.1069L7.23091%2015.6069L10.9909%201L9.26%200.5L5.5%2015.1069Z'%20fill='%23050505'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_2689_5375'%3e%3crect%20width='16'%20height='16'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Languages