Report a Security Issue

Oasis is working with the community to find security vulnerabilities to keep the Oasis Network, developers and users safe. We encourage responsible security investigation and reporting.

How to report?

If you discover a vulnerability, please submit it to our bug bounty program here which also shows the eligible assets. We will quickly respond and verify the vulnerability.


Rewards are based on severity per CVSS (the Common Vulnerability Scoring Standard). Please note these are general guidelines, and reward decisions are up to the discretion of the Oasis Protocol Foundation.

Our process

We will do our best to meet the following response targets for hackers participating in our program:

  • First Response: 2 business days
  • Time to Triage: 2 business days
  • Time to Bounty: 5 business days

We will keep you updated about the status during the process and may reach out for additional information.

Latest Blogposts

Get Involved

How we use cookies?

At Oasis Foundation we believe in your privacy, so you can choose to browse our site without any tracking or by clicking “Accept”, you help us to improve our site and help us grow our ecosystem. View our Privacy Policy for more information.