Image for post
Image for post

Monolith Bug Bounty Program

For the DeFi economy to become a consumer-grade banking experience security has to be at the centre of our platform.

We are pleased to announce that our HackerOne bug bounty program is now public after months as an invite-only bounty program. Combined with our external security audits (see our public github repo) and PCI certification, this puts us in a strong position from a security perspective.

We are calling on security researchers worldwide to help us identify and fix software vulnerabilities on our platform.

What are we interested in?

Software vulnerabilities that affect our users’ assets:

  • Their crypto holdings;

The most important class of bugs we are looking for are ones that compromise the confidentiality, integrity and availability of users’ assets.

Any vulnerability where an attacker can siphon assets from our users in an unintended way is of most interest to Monolith, and will be rewarded accordingly.

The Bounty

For vulnerabilities relating to our handling of the blockchain and our users fiat balances, our bounties will be as follows:

  • Critical: $10,000

For vulnerabilities regarding our mobile apps, our bounties will be as follows:

  • Critical: $2,000

Rewards are at the discretion of Monolith and we will not be awarding significant bounties for low severity bugs.

Where do I find out more:

We will be operating the Monolith Bug Bounty program exclusively through HackerOne. Here, you can find more on the scope, SLAs, and all other relevant information around this program.

We are glad to reward any of you who can help make our platform a safer place for our users and turn the DeFi economy into a consumer-grade banking experience.

— The Monolith Team

Monolith is the world’s first DeFi wallet and accompanying Visa debit card made for spending crypto assets anywhere.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store