Bug Bounty
The Coinbase HackerOne bug bounty program covers the Base network, the Base bridge contracts, and Base infrastructure, with vulnerability reports triaged around the clock.
Program coverage
Section titled “Program coverage”In line with Base’s strategy of being the safest way for users to access crypto, Coinbase extends its best-in-industry million-dollar HackerOne bug bounty program to:
- The Base network
- The Base bridge contracts
- Base infrastructure
Coinbase’s program runs alongside Optimism’s existing Immunefi Bedrock bounty program, which covers the open-source Bedrock OP Stack framework.
Submitting a report
Section titled “Submitting a report”All potential vulnerabilities should be submitted via the HackerOne platform. Reports are triaged by Coinbase engineers with relevant domain expertise, ensuring rapid SLAs and high-quality review.
For program scope, eligibility, and reward details, see the security program policies.
Related
Section titled “Related”- Reporting Vulnerabilities — full procedure for submitting a vulnerability report.
- Security Council for Base — the multi-party group that signs off on Base contract upgrades.