Bug bounty

There are two ways to responsibly disclose security vulnerabilities:

  1. Submit a report to our Immunefi bug bounty program.
  2. Send an email to security@axelar.network describing the vulnerability.

Even if your security vulnerability is not eligible for a bounty from the bug bounty program (option 1) the Axelar team might decide to award a bounty for a security vulnerability submitted by email to security@axelar.network (option 2).

Most vulnerabilities that are found automatically using widely-available tools (e.g. improper domain configuration) are out of scope for Axelar’s bug bounty program (option 1 above). Axelar may decide to award bounty up to USD $100 for a vulnerability of this form submitted to security@axelar.network (option 2 above).

Often, such a vulnerability does not require the submitter to produce a detailed report. Instead, the initial submission should be only a short note describing the issue. If a more detailed report is needed then Axelar will reply with a request.

Edit on GitHub