Bug Bounty Program

Dylan Lott

Security is a first-class priority in Signet. As we prepare for Mainnet, we’re opening a formal bug bounty program to invite the community to help secure the protocol.

This program provides rewards for responsibly disclosed vulnerabilities across the Signet stack. By incentivizing white-hat research, we strengthen our rollup’s security and create a shared foundation of trust.

Scope

The bounty program covers smart contracts, core services, libraries, infrastructure, and public-facing tooling. See the full policy for complete scope details and exclusions.

Rewards

Payouts are based on severity and impact:

  • Critical (chain halt, user fund loss, key exfiltration, forged state): up to $50,000
  • High (consensus break, censorship, griefing, improper permissions): up to $20,000
  • Medium (asymmetric DoS, data manipulation): up to $10,000
  • Low (informational): no payout

There is a quarterly budget of $50,000 for Medium and High bounties, and no cap on Critical bounties. Safe harbor is provided to all participants acting in good faith.

Reporting

Response targets: acknowledgment within 1 day, initial triage within 4 days.

Why This Matters

Signet is building a new synchronous composability layer on Ethereum. Security is non-negotiable. By running a public bug bounty, we align the incentives of researchers, developers, and the broader community.

Help us harden the protocol. Build with us, test with us, and push the limits of what’s possible on Signet.

Get In Touch
