Reporting Vulnerabilities
Submit any potential vulnerability in Base, the Base bridge contracts, or Base infrastructure through the Coinbase HackerOne program.
HackerOne provides a single, centralized intake that the team uses to deliver consistent SLAs and outcomes. Every report is triaged around the clock by Coinbase engineers with the relevant domain expertise, keeping review quality high.
Bug bounty program
Section titled “Bug bounty program”In keeping with the goal of making Base the safest way to access crypto:
- Coinbase extends its best-in-industry million-dollar HackerOne bug bounty program to cover the Base network, the Base bridge contracts, and Base infrastructure.
- Coinbase’s bug bounty program runs alongside Optimism’s existing Immunefi Bedrock bounty program, which supports the open-source Bedrock OP Stack framework.
For full reporting procedures and program details, see the Coinbase security program policies.