At MetaMask, security is considered core in development. As part of its ongoing effort to keep users as safe as possible, MetaMask has partnered with HackerOne for a security bonus program. It is considered a leading company in Attack Resistance Management (ARM).
HackerOne will combine the security expertise of ethical hackers along with asset discovery, ongoing evaluation, and process enhancement to find and narrow vulnerabilities amid growing digital attacks. Ethical hackers thus have the opportunity to disclose wallet vulnerabilities to the MetaMask team, while also receiving rewards for their efforts.
The program follows MetaMask's recent partnership with Asset Reality to help victims of fraud recover stolen property.
MetaMask is already aware of a lot of instances of scams taking place in Web3, and this is considered one of many improvements they have made recently to combat nefarious activities that could harm the industry.
If you think you've identified potential security vulnerabilities in MetaMask products and services, follow these steps:
- Create a HackerOne account
- Submit a report detailing your discovery through the platform, which contains clear, concise steps that can be reconstructed or contain a proof of concept that works
- MetaMask will handle the issues carefully and not publicly disclose as this is considered a private program.
The team will do their best to address all vulnerabilities as soon as possible and coordinate the publication of the findings with the researcher.
The reward will be based on the severity of each CVSS (Common Vulnerability Grading Standard).
Please note that these are general guidelines and the reward decision will depend on MetaMask's decision.
Source: Consensys
