Skip to content

Security at Aragon

The developers supporting the Aragon project take security and their users' wellbeing very seriously.

If you have found a potential vulnerability, please review the following instructions for responsibly disclosing it to the team.

Reporting

  • In order to report a vulnerability, please write an email to security@aragon.org with [SECURITY DISCLOSURE] in the subject of the email.
  • For sensitive vulnerabilities, please the encrypt the email using this PGP key (Fingerprint: B6D5 1396 4B9C 62B7)
  • We will make our best effort to reply in a timely manner and provide a timeline for resolution.
  • Please include a detailed report on the vulnerability with clear reproduction steps. The quality of the report can impact the reward amount.

Smart Contract Bug Bounty

A bug bounty is available on any smart contracts supporting the Aragon client. Please review its instructions and intended scope before submitting a finding.

Smart Contract Audits

A number of audits have been performed on the existing smart contract codebase by the White Hat Group, Consensys Diligence, and Authio. Ongoing smart contract changes will continue being audited at the Aragon Association's discretion.