The Session Token Bug Bounty Program is now active.

The bug bounty program will run alongside the Session Testnet and aims to engage technical members of the Session community to contribute code improvements to the Session Token smart contracts. By doing so, Session’s systems and infrastructure will be thoroughly battle-tested before activation on mainnet.

This Bug Bounty Program is subject to the Bug Bounty Program Terms and Conditions (the “Bug Bounty Terms”). By participating (or attempting to participate) in the Bug Bounty Program, you agree to the Bug Bounty Terms.

Scope 🔎

The first phase of the program, commencing on July 16, 2024 will focus solely on the Session Token smart contracts, which are open source.

The scope of the bug bounty program encompasses the code in this folder (excluding testing code found in the tests subfolder).

As the program progresses, additional components of the infrastructure and applications may be added to the scope of the program. Please check back to this page for further updates.

Rewards 🤝

Payments will be made in USDC based on the severity of the issue, at the sole discretion of Session, and subject to the terms outlined in this post and the Bug Bounty Terms.

Eligibility

To be eligible for a bug bounty reward, the following conditions must be met:

  • Prompt disclosure to bugbounty@getsession.org following the discovery of the issue.
  • Disclosure must be made directly to bugbounty@getsession.org. Disclosure must not be made to any other party without explicit consent.
  • The issue and all related details must remain confidential between the reporter and Session.
  • The issue must be reported unconditionally, without any demands or threats.
  • The submission must provide enough detail to facilitate a clear understanding and reproduction of the issue.

Refer to the Bug Bounty Terms for more information.

Transparency

All Bug Bounty submissions and responses from the team will be documented and shared with the community. You can view them on our GitHub here.

Thank you! 💚

Thank you for helping battle-test the new Session Network! Please direct any questions regarding the bug bounty program to bugbounty@getsession.org.