Reporting a Security Issue or Vulnerability

Smart Contract security

If you believe you’ve identified a smart contract issue or vulnerability, please submit a report via the Hats.finance anon-friendly submission portal.

  1. On that page, under ‘Select Project’, search for ‘Giveth’.
  2. Enter the details of the security issue via the form.

Using this method will encrypt your communications with Giveth’s security team, and will use the Hats bug bounty system, which you can learn more about in the hats.finance documentation.

Service vulnerability

If you believe you have identified a security vulnerability on the backend or in the way our deployments work, you are also welcome to email the security team directly at security@giveth.io, with the subject line “Responsible Disclosure”. The email should include:

  • A detailed description of the vulnerability and steps to reproduce it.
  • Please also include your Ethereum wallet address for reward distribution.
  • If you wish to encrypt your message to us, our public PGP key is available HERE.

Once the report is received, the Giveth security team will review the vulnerability and respond with a determination of its validity and severity. If the report is valid, the team will work to fix the vulnerability and - in cases where a reward from our side is offered - distribute the reward to the reporter.