---
title: "Bug Bounty"
description: "Coinbase's million-dollar HackerOne bug bounty program covers Base, the Base bridge contracts, and Base infrastructure."
source: https://basehub.org/security/bug-bounty/
---
The Coinbase HackerOne bug bounty program covers the Base network, the Base bridge contracts, and Base infrastructure, with vulnerability reports triaged around the clock.

## Program coverage

In line with Base's strategy of being the safest way for users to access crypto, Coinbase extends its [best-in-industry](https://www.coinbase.com/blog/celebrating-10-years-of-our-bug-bounty-program) million-dollar [HackerOne bug bounty program](https://hackerone.com/coinbase?type=team) to:

- The Base network
- The Base bridge contracts
- Base infrastructure

Coinbase's program runs alongside Optimism's existing [Immunefi Bedrock bounty program](https://immunefi.com/bounty/optimism/), which covers the open-source [Bedrock](https://docs.optimism.io/stack/getting-started) OP Stack framework.

## Submitting a report

All potential vulnerabilities should be submitted via the [HackerOne platform](https://hackerone.com/coinbase). Reports are triaged by Coinbase engineers with relevant domain expertise, ensuring rapid SLAs and high-quality review.

For program scope, eligibility, and reward details, see the [security program policies](https://hackerone.com/coinbase?view_policy=true).

## Related

- [Reporting Vulnerabilities](/security/report-vulnerability/) — full procedure for submitting a vulnerability report.
- [Security Council for Base](/security/security-council/) — the multi-party group that signs off on Base contract upgrades.