Security

Bug bounty and responsible disclosure

If you find a security vulnerability in Pool Party, we want to hear about it privately so we can fix it before it can be abused. This page explains what is in scope, how to report, and the current status of a formal bounty program.

Program status

A formal, hosted bug bounty program (for example on Immunefi or HackerOne) with published reward tiers is not live yet. We will list the platform, scope, and reward tiers here when it launches. In the meantime, we operate responsible disclosure: report privately through the channels below and we will respond.

In scope

Out of scope

How to report

Report privately, with enough detail to reproduce (affected component, steps, and a proof of concept where possible). Reach the team through GitHub (private security advisory) or the moderators in our Discord. Please give us reasonable time to investigate and fix before any public disclosure.

Our commitment

We will acknowledge your report, keep you updated while we investigate, and credit you if you would like once the issue is resolved. We will not pursue legal action against good-faith researchers who follow this process and avoid privacy violations and service disruption.

See the security overview for how Pool Party approaches security and how to verify contracts on BaseScan.