Bug Bounty Program

Polygon is working with the community to find security vulnerabilities to keep the Polygon Projects, Developers and Users safe.

The bounty program gives everyone an opportunity to find bugs in the Polygon system, which in turn helps the team ensure the security of Polygon. Payouts will go up to $5,000 for critical issues.

Getting started

If you are new to blockchains and/or to Polygon, see Polygon Architecture.

Explore the code on GitHub. There are 3 main repositories for you to study:

Setting up

Set up a test network locally. See Running a node on the local environment.

The Polygon CLI repository is an easy way to set up and manage the entire Polygon stack, including Heimdall, Bor, and the Staking & Plasma smart contracts, in a local environment. This helps in simulating tests and attacks locally.

If you want to run a full node on the Polygon Mainnet or Mumbai Testnet, you can follow the Run a Validator Node guide.

Obtaining tokens for testing

To get tokens, access the Polygon faucet and choose the Goerli network.

Questions?

Check out the forum and join the discussion on Discord.

You are encouraged to explore the following opportunities in our Bug Bounty Programs:

  • Immunefi POS: this program focuses on all Smart Contract and Blockchain assets related to Polygon PoS
  • Immunefi zkEVM: this program focuses on all Smart Contract and Blockchain assets related to Polygon zkEVM
  • HackerOne: this program focuses on all web applications and other assets under Polygon Labs