There are two ways to disclose security vulnerabilities to the Axelar team:
- Submit a report to our bug bounty program.
- Send email to
firstname.lastname@example.org the vulnerability.
Even if your security vulnerability is not eligible for a bounty from the bug bounty program (option 1) the Axelar team might decide to award a bounty for a security vulnerability submitted by email to
email@example.com (option 2).
Most vulnerabilities that are found automatically using widely-available tools (e.g. improper domain configuration) are out of scope for Axelar's bug bounty program (option 1 above). Axelar may decide to award bounty up to USD $100 for a vulnerability of this form submitted to
firstname.lastname@example.org (option 2 above).
Often, such a vulnerability does not require the submitter to produce a detailed report. Instead, the initial submission should be only a short note describing the issue. If a more detailed report is needed then Axelar will reply with a request.