After we have assessed the risk and mitigated a vulnerability, it is publicly disclosed in our dedicated repository.
Our rewards program encourages researchers to contribute to the security of the Ark Ecosystem through the following bounties:
We know that software will always have flaws that are hard to notice initially. Because we treat the security of our network as a top priority, we provide a security/vulnerability bounty for bugs or errors in ARK Core that could potentially harm or exploit the Ark Network.
The worst of the worst security vulnerabilities related to funds or taking control of the network that need to be addressed and fixed ASAP.
Security vulnerabilities that are not related to funds or taking control of the network, but can still pose severe problems to the network.
Issues that can cause temporary problems, but do not expose corrupt data or cause permanent harm.
Security vulnerabilities that usually have no impact on the whole blockchain infrastructure, but can still pose problems for some specific things.
Including a patch with your findings will also make you eligible for a bonus of up to 50% on top of these numbers. To get a bonus, make sure to follow the steps outlined here: https://docs.ark.io/security/contributing/#procedure-for-a-pach The size of the bonus is determined at the sole discretion of the Core Developers.
A security bounty can fall into a higher or lower tier than you anticipated; all our decisions are final. Exploits that make indirect use of already known issues might not be eligible for a security bounty. Do not take every word literally: the examples serve as a basis for what you can expect. The outcome also depends a lot on the circumstances of how the vulnerability can be exploited and what its impact is, and every security vulnerability is evaluated on a case-by-case basis. Security vulnerabilities are paid in ARK based on the daily average rate before the payout.
The Ark team may decide to deviate from the rewards program and security procedure without disclosing the underlying reasons.