At OpenSea, we’re on a mission to build the world’s most trusted and inclusive NFT marketplace – and a key aspect of “trust” means knowing and understanding our technical vulnerabilities, so we can anticipate and stop attacks from ever happening in the first place. Fortunately for us, OpenSea has a vibrant community of passionate and highly skilled users who we’ve partnered with to develop OpenSea’s Bug Bounty Program!
This program has existed informally for a while, and we launched on HackerOne in October 2021 to help us formalize it. Today, with our continued growth and visibility, we’re ready to make this program public and expand participation to anyone eager to make a meaningful security impact on OpenSea. As we scale this program, we’re focused on empowering our community members to identify and flag any security vulnerabilities so the OpenSea team can act quickly to review them and patch our website.
Since its launch, OpenSea’s Bug Bounty program has allowed us to quickly address vulnerabilities, improve our defenses, and help keep our platform secure alongside our own teams’ efforts. Engagement has been great – and since May of 2020, we’ve resolved and paid bounties for more than 25 confirmed vulnerability reports.
How it Works
In exchange for vulnerability reports, we will be providing rewards in a tiered model based on the severity of the issue reported. The bounties range between $500 and $50,000, depending on the severity of the vulnerability and impact. All bounties are subject to be paid out at higher rates at the discretion of the OpenSea team depending on severity of the reported vulnerability.
When we receive a report, we commit to responding to and triaging new bug bounty submissions in less than 4 days, issuing bounties for confirmed vulnerabilities in less than 25 days, and resolving any confirmed vulnerabilities as quickly as possible.
OpenSea is committed to a true partnership with the community to find and resolve any vulnerabilities that might exist on our platform. Every report will be reviewed by a security expert and responded to in a timely fashion – we deeply appreciate the effort and vigilance of those who contribute! You can find more about the bug bounty policy and how to report issues at OpenSea’s HackerOne page: https://hackerone.com/opensea