Argent bug bounty

The integrity of our smart contracts is our highest priority. Our bug bounty program for them has rewards of up to $50,000 (paid in Dai).

Here’s how the bounty works…

What we want you to investigate

All contracts under /contracts in the repo https://github.com/argentlabs/argent-contracts/tree/master are eligible for the bounty.

The Argent website or the Argent infrastructure in general is NOT part of this bug bounty program.

What vulnerabilities to look for

We of course want to know every vulnerability, but in particular:

  • Risk of funds being stolen
  • Risk of funds being frozen or lost
  • Risk of security operations (lock, recovery, guardians) being maliciously triggered or prevented

Anything already covered by our audits is NOT in scope.

Overview of how Argent works

Contract specifications

The rules

We follow many of the bug bounty rules that the Ethereum Foundation does:

  • Decisions on the eligibility and size of a reward are the sole discretion of Argent.
  • Any disclosure of a vulnerability to the public or other third parties (such as the media) before Argent makes it public will disqualify the bounty. Issues must be privately submitted to bounty@argent.xyz.
  • Issues must be new to the team. They can’t have already been identified by another user or by an audit.
  • No employees, contractors or others with current or prior commercial relationships with Argent are eligible for rewards. This includes auditors used by Argent.
  • Provide the steps required to demonstrate an issue. If we cannot reproduce an issue we will not be able to reward it.

Bounty size

The size of the bounty will vary depending on the severity of the issue discovered. The severity is calculated according to the OWASP risk rating model based on Impact and Likelihood.

Decisions on the eligibility and size of a reward are guided by the rules above, but are, in the end, determined at the sole discretion of Argent.

  • Critical: up to $50,000
  • High: up to $25,000
  • Medium: up to $10,000
  • Low: up to $2,000

Other considerations

In addition to severity, other variables are also considered when Argent evaluates the eligibility and size of a bounty, including (but not limited to):

  • Quality of description. Higher rewards are paid for clear, well-written submissions.
  • Quality of reproducibility. Please include test code, scripts and detailed instructions. The easier it is for us to reproduce and verify the vulnerability, the higher the reward.
  • Quality of fix, if included. Higher rewards are paid for submissions with a clear description of how to fix the issue.

Please also

  • Remember that you cannot share your report publicly or with others before Argent makes it public
  • (And hopefully this goes without saying) don’t exploit an issue if you find one
  • Try wherever possible to avoid privacy violations, destruction of data, and interruption or degradation of our service

Submission process

Please email bounty@argent.xyz
