Yala Bug Bounty Program

Yala Protocol secures Bitcoin assets. Security failures mean user losses. We need community help finding vulnerabilities.

Report Scope Smart contract bugs, cross-chain issues, cryptographic flaws, economic attacks, infrastructure problems.

How to Report Email [email protected] with: vulnerability description, impact assessment, reproduction steps, your contact info.

Our Process Acknowledge within 24 hours, assess within 72 hours, then investigate, fix, and coordinate disclosure.

Rules Don't exploit beyond proof-of-concept. Don't access user funds. Don't disrupt operations. Give us time to fix before going public.

Rewards Critical: up to $250k. High: up to $50k. Medium: up to $10k. Low: up to $2k. Based on severity, report quality, impact, uniqueness.

Contact [email protected] (mark urgent issues "URGENT")