Bug Bounty

Please allow reasonable time for remediation before any public disclosure.

Smart Contract Vulnerabilities

Report smart contract and on-chain protocol vulnerabilities through our Immunefi bug bounty program. Rewards are paid according to the severity guidelines published there.

Offchain Vulnerabilities

Sapience is open source. Nothing stored in the database is considered private — all data is either sourced from or derived from public on-chain state. That said, unauthorized writes, mutations, or privilege escalation are still in scope.

To report an offchain vulnerability:

  1. Open a support ticket in Discord to let us know. If you're unsure whether something qualifies, reach out first.
  2. Write a failing test that demonstrates the issue.
  3. Submit a pull request with both the test and your fix so the test passes.

We will review submissions and reward based on severity at our discretion.

Out of Scope

  • Frontend typos or cosmetic issues
  • Social engineering or phishing
  • Spam or rate-limiting
  • Publicly known vulnerabilities in third-party dependencies