Bug bounty
There are two ways to responsibly disclose security vulnerabilities:
- Submit a report to our Immunefi bug bounty program.
- Send an email to
security@axelar.network
describing the vulnerability.
Even if your security vulnerability is not eligible for a bounty from the bug bounty program (option 1) the Axelar team might decide to award a bounty for a security vulnerability submitted by email to security@axelar.network
(option 2).
Vulnerability Criteria
Most vulnerabilities that are found automatically using widely-available tools (e.g. improper domain configuration) are out of scope for Axelar’s bug bounty program (option 1 above). Axelar may decide to award bounty up to USD $100 for a vulnerability of this form submitted to security@axelar.network
(option 2 above).
Often, such a vulnerability does not require the submitter to produce a detailed report. Instead, the initial submission should be only a short note describing the issue. If a more detailed report is needed then Axelar will reply with a request.