Updates to the Cosmos Bug Bounty Program

Security is fundamental to the long-term success of the Cosmos Stack. As part of our ongoing commitment to building secure, resilient blockchain infrastructure, we are sharing an updated overview of our bug bounty program policies. Our program has been in operation for 8 years now, protects hackers through Gold Standard Safe Harbor, and has a 98% response efficiency.

Recent advances in AI have created new challenges for organizations and the security research community, as researchers increasingly submit reports that do not comply with our program guidelines or policies.

These updates are intended to provide greater clarity, align expectations, and foster a strong, collaborative relationship with the security research community in response to these emergent challenges. By clearly defining how to participate, we aim to make it easier for researchers to contribute meaningful findings while helping us protect the broader ecosystem.

Key Program Guidelines

To ensure the effectiveness and integrity of the program, participants are expected to follow a few core principles:

  • Focus testing exclusively on in-scope systems and supported, released code
  • Submit clear, high-quality reports that include a valid Proof of Concept
  • Avoid duplicate, out-of-scope, or informational-only submissions
  • Limit testing strictly to what is necessary to demonstrate impact
  • Refrain from any activity that could disrupt systems, compromise data, or harm users
  • Contact the Cosmos team only through the official HackerOne channel

Failure to adhere to these guidelines—including repeated low-quality submissions, misconduct, violating confidentiality, or contacting us through unofficial channels—may result in report closure, ineligibility for rewards, or removal from the program.

How to Contribute

We welcome contributions from researchers who are committed to improving the security of the Cosmos Stack.

To get started:

  • Review the full program scope and participation requirements
  • Conduct testing responsibly and in accordance with the policy
  • Submit all findings through our official reporting channel on HackerOne

You can begin here: https://hackerone.com/cosmos.

Program Disclaimer

To ensure transparency and proper expectations, please note the following:

  • Bounty rewards are granted at our sole discretion, based on factors such as impact, quality, and validity of submissions
  • Program policies, scope, and reward structures may be modified at any time without prior notice
  • We reserve the right to suspend or terminate the program, or remove participants from eligibility, at our discretion

Participation in the program constitutes acceptance of these terms.

Thank You

We would like to thank the security research community for your continued dedication to strengthening open, secure software systems. Your work plays a critical role in identifying vulnerabilities, improving resilience, and supporting the long-term health of the Cosmos ecosystem. We will be making additional changes and improvements to the program over the coming months that we hope will benefit both you and the program.

We appreciate your contributions and look forward to continuing this work together.

Alex Johnson

Senior Software Engineer Team Lead
