Algorand provides a foundation for existing businesses and new projects to operate globally in the emerging decentralized economy. Algorand’s first-of-its-kind, permissionless, pure proof-of-stake protocol supports the scale, open participation, and transaction finality required to build systems for billions of users.
Algorand invites you to test and help secure our innovative decentralized protocol. We appreciate your efforts and hard work in making the internet (and Algorand) more secure and look forward to working with the researcher community to create a meaningful and successful bug bounty program. Good luck and happy hunting!
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal and make a case for a higher priority
Thank you for helping us build a safer internet. If you have any questions regarding this program, please contact firstname.lastname@example.org.
When conducting vulnerability research according to this policy, we consider this research to be:
- Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;
- Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;
- Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy; and
- Lawful, helpful to the overall security of the Internet, and conducted in good faith.
- You are expected, as always, to comply with all applicable laws.
If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please inquire via email@example.com before going any further.