Bug Bounty Program

Particl is a security- and privacy-oriented project working to restore the balance of privacy to its users and keep them safe from exploits. As such, this permanent bug bounty has been put in place to encourage the responsible disclosure of any bug or vulnerability contained within the Particl code and to reward those who find them.


Bug Bounty Rewards

$1500

A bug or flaw that leads to the deanonymization of Particl users

$750

A flaw in the protocol that allows for theft or loss of funds

$500

A bug in the reference client that leads to consensus issues

$250

A bug which causes data corruption or loss

$100

A bug which causes the application to crash

$50

Other non-harmless bugs

Bounties will be paid out for bugs found in the master branch of the official GitHub repositories.
Bounties are paid out in Particl (PART), at the 3-day average of each to a fixed US Dollar value.


How to report a bug

While not mandatory, it is recommended to use Particl's disclosure PGP key to encrypt messages when disclosing bugs.
Do not post the issue on GitHub or anywhere else until the issue has been resolved.

Critical bugs

Critical bugs must be disclosed using Particl's disclosure PGP key and reported to core@particl.io.

Non-critical bugs

Contact the developers privately by sending an e-mail to bounties@particl.io with the details of the issue.


What doesn’t qualify as a bug

  • Bugs found on third-party/community websites, software or services that are not due to an improper configuration issue specific to the Particl code. Please submit any potential issue to the maintainers of that website or providers of that service.
  • Vulnerabilities which are too broad or not documented properly (i.e. do not include a specific example relevant to a Particl-controlled piece of code).
  • Bugs or issues with a third-party site, software, or service that Particl uses, which are not due to an improper configuration issue specific to the Particl code. Please submit any potential issue to the maintainers of that site or providers of that service.
  • Bugs and errors found in software/code that is not live or still under development.
  • Usability issues.
  • Anything requiring social engineering.
  • CSRF that doesn’t affect the victim.
  • The presence of unnecessary files, e.g. for backups, when these files do not expose any sensitive information.
  • Anything that is the result of automated Nessus/PCI scans (too general).
  • Bugs that have received mainstream tech media or community attention before the date of the disclosure.
  • Upstream bugs that have already received media coverage such as bugs on the Bitcoin codebase itself. The Particl team constantly monitors upstream code and bug disclosures. Regardless, you are still encouraged to disclose any upstream bug you may know.

The fine print

  • A bounty will only be awarded to the first person who reports a bug, unless two or more people report the same bug at approximately the same time, in which case the bounty may be split between them.
  • If the same bug appears in multiple locations it will normally only receive a single bounty.
  • Reports of security-related bugs are not eligible for bounties if the bugs are publicly disclosed prior to being fixed.
  • Bugs need to be disclosed to the Particl team prior to receiving the bounty payment. The Particl team will not award a bounty payment upfront before knowing all details.
  • Only bugs contained within the Particl Core and Particl Market repositories, as well as contained within any Particl wallet (Desktop, Core, Copay) can qualify for bounty payment.
  • Known upstream bugs, such as a bug in the Bitcoin codebase itself or in one of the libraries used by Particl, do not qualify for bounty payment.
  • The issue must be described in enough detail to address it.
  • Only the discoverer of a bug is eligible for the associated bounty.
  • All bounty claims need to be assessed individually on a case-by-case basis.
  • Bounties will be confirmed and awarded within 10 days of their assessment by the Particl team.
  • Inquiries on bounty status may be sent to bounties@particl.io.
  • Bounties will not be awarded if it is illegal to do so.
  • The classification of bugs, values of bounties, and conditions under which bounties are paid are subject to change without notice.
  • The Particl team has sole discretion to determine whether a bug report qualifies for a bounty and for which bounty it qualifies.
