The official wallet of Supra.

Bug Bounty Program

Supra is building the world’s most secure and robust blockchain ecosystem, and this bug bounty program invites you to join us on this journey. You aren’t just finding vulnerabilities here, you're shaping the future of the decentralized world.

In Scope

Targets
Supra Blockchain Core, Consensus Protocol, Oracles, Smart Contracts, APIs, Developer Tools, Infrastructure, Website Applications.
Types
Code vulnerabilities, security loopholes, protocol flaws, including loss of funds, consensus failures, network halts, and more.

Severity & Rewards

Critical

Up to $1,000,000

(e.g., loss of funds, consensus failures)

High

Up to $100,000

(e.g., network availability issues)

Medium

Up to $25,000

(e.g., API crashes)

Low

Up to $5,000

(e.g., minor bugs)

Submission Guidelines

Eligibility

Must be the first reporter, within scope, and report within 24 hours of discovery.

Program Rules

Confidentiality

Do not disclose vulnerabilities publicly without Supra's consent.

Eligibility Criteria
  • Report within 24 hours of discovery.
  • Properly documented submission.
  • Must not be a known vulnerability.
  • Must be the first reporter.
  • Must be within scope.
  • Not a current or former Supra employee within the last 12 months.
  • Make every effort to avoid privacy violations and disruption of services.
  • KYC required for rewards.

Response Times

First Response: 7d
Triage Time: 14d
Resolution Time: 30d
Reward Time: 90d

Payouts

Rewards will be paid in digital assets determined by the team. Payouts for experimental features or incomplete reports may be reduced.

Responsible Disclosure: Supra adheres to Category 3 for Responsible Publication. All vulnerabilities must remain confidential until resolved.

Invalid Bug Reports

  • Self-exploited attacks.
  • Governance/admin privilege attacks.
  • Social Engineering attacks
  • Attacks requiring leaked credentials.
  • Oracle manipulation flash loan attacks and more.
  • Denial of Service attacks
The following are for reference only and do not cover all invalid bug reports
PrivacyTerms of UseWebsite Data Usage & CookiesBug DisclosureBiometric Information Privacy Policy

©2025 Supra | Entropy Foundation (Switzerland: CHE.383.364.961). All Rights Reserved