
Bug Bounty Program

Polygon is working with the community to find security vulnerabilities and keep Polygon projects, developers and users safe.

The bounty program gives everyone an opportunity to find bugs in the Polygon system, which in turn helps the team ensure the security of Polygon. Payouts will go up to $5,000 for critical issues.

Getting started

If you are new to blockchains and/or to Polygon, see Polygon Architecture.

Explore the code on GitHub. There are 3 main repositories for you to study:

Setting up

Set up a test network locally. See Running a node on the local environment.

The Polygon CLI repository is an easy way to set up and manage the entire Polygon stack, including Heimdall, Bor, and the Staking & Plasma smart contracts, in a local environment. This helps in simulating tests and attacks locally.

If you want to run a full node on the Polygon Mainnet or Mumbai Testnet, you can follow the links below:

Obtaining tokens for testing

To get tokens for testing, go to the Polygon faucet and choose the Goerli network.


Check out the forum and join the discussion on Discord.

See also the Immunefi Bug Bounty Program.