Skip to main content

Bug Bounty

We have an ongoing bug bounty program for security-related bugs that compromise key security. This is generally only applicable for https://app.tor.us.

The tiers are as follows:

  • Critical ($5,000) - Bugs that allow theft of user keys under normal operating conditions
    • Eg. Ability to access private key from the dapp JS context
  • High ($2,500) - Bugs that restrict user access to keys, cause loss of funds, system failure, or theft of user keys under restricted operating conditions.
    • Eg. Ability to reset a user's account to a new private key so they are unable to access their funds
  • Medium ($500) - Bugs that affect user access, cause service downtime, or affect usability of the system
    • Eg. Restricting logins for users so they are unable to access their wallet at certain times
  • Low ($200) - Bugs that do not directly compromise security but have the potential to affect users adversely and cause loss of funds
    • Eg. Spoofing authentication emails, presenting wrong information on the wallet

In order to ensure that your bug report is valid and has not already been reported, please reach out to hello@tor.us directly.