Skip to content

Security at Aragon

The developers supporting the Aragon project take security and their users' wellbeing very seriously.

If you have found a potential vulnerability, please review the following instructions for responsibly disclosing it to the team.


  • In order to report a vulnerability, please write an email to [email protected] with [SECURITY DISCLOSURE] in the subject of the email.
  • For sensitive vulnerabilities, please the encrypt the email using this PGP key (Fingerprint: B6D5 1396 4B9C 62B7)
  • We will make our best effort to reply in a timely manner and provide a timeline for resolution.
  • Please include a detailed report on the vulnerability with clear reproduction steps. The quality of the report can impact the reward amount.

Smart Contract Bug Bounty

Two bug bounty programs are available, please review its instructions and intended scope before submitting a finding:

Smart Contract Audits

A number of audits have been performed on the existing smart contract codebase by the White Hat Group, Consensys Diligence, Authio, and others. Ongoing smart contract changes will continue being audited at the Aragon Association's discretion.

Hall of 1337

We maintain a dedicated page celebrating those who have successfully submitted bug bounties or gone above and beyond in reporting security vulnerabilities.

We invite you to become a member!