Bug Bounty Program

Particl is a security- and privacy-oriented project that aims to restore the balance of privacy to users and keep them safe from exploits. As such, this permanent bug bounty is in place to encourage the responsible disclosure of any bug or vulnerability in the Particl code and to reward those who find them.


Bug Bounty Rewards

  • $1500: A bug or flaw that leads to the deanonymization of Particl users
  • $750: A flaw in the protocol that allows for theft or loss of funds
  • $500: A bug in the reference client that leads to consensus issues
  • $250: A bug which causes data corruption or loss
  • $100: A bug which causes the application to crash
  • $50: Other non-harmless bugs

Bounties will be paid out for bugs found in the master branch of the official GitHub repositories.
Bounties are paid out in Particl (PART); each is converted from its fixed US Dollar value at the 3-day average.


How to report a bug

While not mandatory, it is recommended to use Particl's disclosure PGP key to encrypt messages when disclosing bugs.
Do not post the issue on GitHub or anywhere else until the issue has been resolved.

Critical bugs

Critical bugs are required to be disclosed using Particl's disclosure PGP key and reported to core@particl.io.

Non-critical bugs

Contact the developers privately by sending an e-mail to bounties@particl.io with the details of the issue.


What doesn’t qualify as a bug

  • Bugs found on third-party/community websites, software or services that are not due to an improper configuration issue specific to the Particl code. Please submit any potential issue to the maintainers of that website or providers of that service.
  • Vulnerabilities which are too broad or not documented properly (i.e. do not include a specific example relevant to a Particl-controlled piece of code).
  • Bugs or issues with a third-party site, software, or service that Particl uses, which are not due to an improper configuration issue specific to the Particl code. Please submit any potential issue to the maintainers of that site or providers of that service.
  • Bugs and errors found in software/code that is not live or still under development.
  • Usability issues.
  • Anything requiring social engineering.
  • CSRF that doesn’t affect the victim.
  • The presence of unnecessary files, e.g. for backups, when these files do not expose any sensitive information.
  • Anything that is the result of automated Nessus/PCI scans (too general).
  • Bugs that have received mainstream tech media or community attention before the date of the disclosure.
  • Upstream bugs that have already received media coverage such as bugs on the Bitcoin codebase itself. The Particl team constantly monitors upstream code and bug disclosures. Regardless, you are still encouraged to disclose any upstream bug you may know.

The fine print

  • A bounty will only be awarded to the first person who reports a bug, unless two or more people report the same bug at approximately the same time, in which case the bounty may be split between them.
  • If the same bug appears in multiple locations it will normally only receive a single bounty.
  • Reports of security-related bugs are not eligible for bounties if the bugs are publicly disclosed prior to being fixed.
  • Bugs need to be disclosed to the Particl team prior to receiving the bounty payment. The Particl team will not award a bounty payment upfront before knowing all details.
  • Only bugs contained within the Particl Core and Particl Market repositories, as well as contained within any Particl wallet (Desktop, Core, Copay) can qualify for bounty payment.
  • Known upstream bugs, such as a bug in the Bitcoin codebase itself or in one of the libraries used by Particl, do not qualify for bounty payment.
  • The issue must be described in enough detail to address it.
  • Only the discoverer of a bug is eligible for the associated bounty.
  • All bounty claims need to be assessed individually on a case-by-case basis.
  • Bounties will be confirmed and awarded within 10 days of their assessment by the Particl team.
  • Inquiries on bounty status may be sent to bounties@particl.io.
  • Bounties will not be awarded if it is illegal to do so.
  • The classification of bugs, values of bounties, and conditions under which bounties are paid are subject to change without notice.
  • The Particl team has sole discretion to determine whether a bug report qualifies for a bounty and for which bounty it qualifies.
