Details

At Consensys, we take cybersecurity seriously and value the contributions of the security community at large. We look forward to working with the security community to identify potential issues that will help us ensure the security and privacy of our customers and their data.

The severity of findings is calculated based on the OWASP Risk Rating Methodology, taking into account both technical and business impact.

Response Targets

Consensys will make a best effort to meet the following SLAs for hackers participating in our program:

Type of Response	SLA in business days
First Response	1 day
Time to Triage	2 days
Time to Bounty	14 days
Time to Resolution	Depends on severity & complexity

We’ll try to keep you informed about our progress throughout the process.

Disclosure Policy

Please do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization.
Follow HackerOne's disclosure guidelines.

Program Rules

Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.

Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced).
Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
Social engineering (e.g. phishing, vishing, smishing) is prohibited.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
Where possible, please add the "X-HackerOne: " HTTP header when testing vulnerabilities, so we can identify you and assist

Safe Harbor

By responsibly submitting your findings to Consensys in accordance with these guidelines, Consensys agrees not to pursue legal action against you. Consensys reserves all legal rights in the event of noncompliance with these guidelines. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Thank you for helping keep ConsenSys, our users and our community safe!

Response Targets

Consensys will make a best effort to meet the following SLAs for hackers participating in our program:

Type of Response	SLA in business days
First Response	1 day
Time to Triage	2 days
Time to Bounty	14 days
Time to Resolution	Depends on severity & complexity

We’ll try to keep you informed about our progress throughout the process.

Program Rules

Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.

Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.

When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced).

Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.

Social engineering (e.g. phishing, vishing, smishing) is prohibited.

Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Where possible, please add the "X-HackerOne: " HTTP header when testing vulnerabilities, so we can identify you and assist

Safe Harbor

Thank you for helping keep ConsenSys, our users and our community safe!