Bug Bounty Program
OnRe operates an active bug bounty program through Immunefi. Security researchers and ethical hackers are invited to identify and responsibly disclose vulnerabilities across OnRe's infrastructure.
Issues may be submitted directly through Immunefi or reported privately to the OnRe team. All reported vulnerabilities are reviewed by OnRe's engineering team. Remediation notes and relevant details are published to the OnRe GitHub repository upon resolution.
Learn more about our bug bounty program here: https://immunefi.com/bug-bounty/onre/information/.
Rewards
Rewards of up to $100,000 are available and are determined by the potential impact of the vulnerability, as defined below. Payouts are handled by the OnRe team directly and are denominated in USD. However, payments are done in USDC.
Critical
Max: $100,000
Min: $10,000
High
$5,000
Medium
$2,000
Low
$1,000
KYC Requirement
The provision of KYC is required to receive a reward for this bug bounty program where the following information will be required to be provided:
Identity Document
Proof of Address
KYC information is only required on confirmation of the validity of a bug report and will be handled by Onfido. Researchers resident in jurisdictions excluded under OnRe's policy and researchers in OFAC-sanctioned jurisdictions are not eligible to receive rewards.
Last updated