---
title: "Reporting Vulnerabilities"
description: "Submit Base vulnerability reports through the Coinbase HackerOne program for centralized triage and bug bounty coverage."
source: https://basehub.org/security/report-vulnerability/
---
Submit any potential vulnerability in Base, the Base bridge contracts, or Base infrastructure through the [Coinbase HackerOne program](https://hackerone.com/coinbase).

HackerOne provides a single, centralized intake that the team uses to deliver consistent SLAs and outcomes. Every report is triaged around the clock by Coinbase engineers with the relevant domain expertise, keeping review quality high.

## Bug bounty program

In keeping with the goal of making Base the safest way to access crypto:

- Coinbase extends its [best-in-industry](https://www.coinbase.com/blog/celebrating-10-years-of-our-bug-bounty-program) million-dollar [HackerOne bug bounty program](https://hackerone.com/coinbase?type=team) to cover the Base network, the Base bridge contracts, and Base infrastructure.
- Coinbase's bug bounty program runs alongside Optimism's existing [Immunefi Bedrock bounty program](https://immunefi.com/bounty/optimism/), which supports the open-source [Bedrock](https://docs.optimism.io/stack/getting-started) OP Stack framework.

For full reporting procedures and program details, see the Coinbase [security program policies](https://hackerone.com/coinbase?view_policy=true).