Unit 410

Vulnerability Rewards Program

No technology is perfect, and Unit 410 believes that working with skilled security researchers is crucial in identifying weaknesses in technology. If you believe you've found a security issue that affects staking nodes that we're running, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Disclosure Notification Policy
  1. Let us know as soon as possible upon discovery of a potential security issue, and, if there is any issue, we'll work to resolve it quickly.
  2. Allow a reasonable amount of time for us to resolve an issue before disclosing to the public or a third-party.
  3. Avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
  4. All submissions of such disclosure notifications are subject to additional terms and conditions.


Our reward tiers are as follows. Classification and qualification for any reward is up to Unit 410's exclusive judgment and discretion, and payment, if any, would be subject to additional terms and conditions and our ability to pay. We will make a reasonable effort to resolve submissions in a manner that is mutually beneficial.
Tier Minimum Reward Description
Critical shared on request Exploits, system access or issues in key management, production crypto systems or contracts designed and managed by unit 410 that could lead to the loss of > $1m of value.
High shared on request Direct access to other unit 410 managed production systems or data that could lead to the loss of > $100k of funds. This excludes vulnerabilities introduced through network or protocol wide issues.
Medium shared on request Other issues with Unit 410 production systems, services or dependencies that could be used to disrupt operations or impact > $10k of value. Non-public vulnerabilities in underlying crypto protocols that can be mitigated.
Low shared on request Security (mis)configuration.
Info none Best practices and other non-critical recommendations.


To be considered for a reward, we'd ask you to refrain from:


Contact us via email: