Campaign | Announcing Parami Protocol’s Bug Bounty Program


BUG HUNTERS, come and get it!


Not in scope

/apps, /ChainBridge, /chainbridge-utils, /chainbridge-substrate-events, /go-substrate-rpc-client, /parami-chainbridge-solidity, /parami-scanner, /demo, /open-runtime-module-library, /bridge, /chainbridge-ui, /website, /magiclink, /Paramillionaire, /parami, /defi-pool, /docs, /parami-bounty-program, /Parami Bounty Program, /vision, /, /resolver


  • Quality of description. Higher rewards are paid for clear, well-written submissions.
  • Quality of reproducibility. Please include test code, scripts and detailed instructions. To your best interest, please make it easy for us to reproduce and verify the vulnerability.
  • Quality of fix, optional. Higher rewards are paid for submissions with clear description of how to fix the issue.


What is not included

  • Contracts not included in the Parami Protocol: The reason is pretty straightforward, we are focusing on the above-mentioned products.
  • Malfunction of third-party modules: We integrated many third-party modules into Parami Protocol for different purposes. In case they malfunction, there is nothing much we can do. Please report to the relevant projects.

What is a good bug report

  • A bug report should have a detailed description and scenario for reproduction, as well as potential suggestions on how it can be fixed.


  1. Severity
  2. Description of the bug
  3. Proof of Incidence, like sample code, screenshot, video
  4. Assumed cause (optional)

Bugs will be confirmed within three business days after submission. After confirmation and grading, the reward will be distributed to your wallet address within two weeks if we can timely contact you through Github/email. Meanwhile, do not disclose your submission in public before Parami team did so.

About Parami Protocol

Website | Telegram | (New!)Russian community | Twitter | Medium | Github | Discord

The Parami Team