We work hard to make sure our systems are bug-free, but acknowledge that we might not catch them all. We call on our community and all bug bounty hunters to help identify bugs in the protocols and software. If you discover a bug, we appreciate your cooperation in responsibly investigating and reporting it to us so that we can address it as soon as possible.
Our Parity Bug Bounty Program allows us to recognise and reward members of the Parity community for helping us find and address significant bugs, in accordance with the terms of the Parity Bug Bounty Program set out below.
Responsible investigation and reporting includes, but isn't limited to, the following:
Generally speaking, any bug that poses a significant vulnerability, either to the soundness of protocols and protocol/implementation compliance to network security, to classical client security as well as security of cryptographic primitives, could be eligible for reward. In addition, security issues with certain services that Parity offer are in scope as well, see below. Please note that it's entirely at our discretion to decide whether a bug is significant enough to be eligible for reward.
The Parity Bug Bounty Program covers security issues identified in the following sets of protocols, code bases and services:
Bug Bounty Hunter program rewards are at the sole discretion of Parity Technologies.
Once the issue has been submitted, our team will review the information, assign a severity level (that may or may not be similar to your choice) and redirect this to one member of the Bug Bounty Program team, who will contact you with more details on the next steps. You will be asked to send proof of identity and an ETH/BTC address to be rewarded. You will get rewarded from the bug bounty wallet created for this program.
The Parity Bug Bounty Program is a discretionary rewards program for our active community to encourage and reward those who are helping to improve Parity’s software. It is not a competition. We can cancel the program at any time and awards are at the sole discretion of Parity Technologies development team. In addition, we are not able to issue awards to individuals who are on sanctions lists or who are in countries on sanctions lists. You are responsible for all taxes payable in connection with the receipt of any rewards. All rewards are subject to the laws of England and Wales. Finally, your testing must not violate any law or compromise any data that is not yours.
We will do our best to respond to your submission as quickly as possible, keep you updated on the fix, and award a bounty where appropriate. If you do your best to follow these guidelines in discovering and disclosing a vulnerability, we will not consider your actions as an attack and won’t take any legal action against you.
Any obligations arising out of or in connection with the Parity Bug Bounty Program or its subject matter will be governed by and construed in accordance with the law of England and Wales, and the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with the Parity Bug Bounty Program.
Parity Technologies would like to allow its users and supporters to make a financial contribution to help it in its mission: developing the fastest and most secure way of interacting with the Ethereum network.
Contributions will be used by Parity Technologies to reward Bug Bounty-hunters under its Bug Bounty Program (each a “Contribution”), as described in the Bug Bounty Program Terms and Conditions.
These Bug Bounty Contribution Terms & Conditions govern the relationship between Parity and each contributor.
Contributors who are individuals must be aged 18 or over. Each contributor represents and undertakes to comply with all local and relevant laws. Parity disclaims all liability (to the fullest extent possible at law) for any liabilities that might arise.
Parity reserves the right to:
By making a Contribution, contributors agree and acknowledge that:
All Contributions will be made through https://paritytech.io. Contributions will be accepted by Parity Technologies for the period during which this site is live.
Contributions received by Parity will be deposited in a wallet created specifically for the Bug Bounty Program under address 0x00f1C77935AC482fC075B55b5990E86ea40851Bb:
Each Contribution will be identifiable by a unique merchant identification number and accounted for separately by Parity.
Once a Contribution is received by Parity, Parity will be legally and beneficially entitled to the full amount of the Contribution and contributors will have no entitlement to the return of a Contribution in any circumstance other than as specified in these Bug Bounty Contribution Terms & Conditions.
Contributors will receive no benefit in return for any Contribution and shall have no rights to influence the work of Parity.
Contributions to Parity are not charitable donations under the law of England & Wales and, as far as Parity is aware, contributors will not be entitled to any tax relief or “gift aid” in respect of any Contributions in the United Kingdom or in any other jurisdiction worldwide.
Parity reserves the right to refuse and return any Contribution in its absolute discretion. Contributors will be entitled to receive a refund of a Contribution for up to 14 days after receipt of payment by notifying Parity by email at [email protected] Any requests for a refund of a Contribution received by Parity following expiry of the 14-day period will be ineligible.
Any refused or returned Contributions will be repaid into the wallet from which the Contribution was made.
Contributors shall not be entitled to publicise their Contribution without the prior written consent of Parity Technologies.
Any personal information about a contributor obtained by Parity as a result of a Contribution being made will only be used to process the Contribution.
Neither Parity Technologies nor any affiliated person, employee, agent, officer or director shall be liable for any loss suffered by any contributor or other person arising out of or in connection with a Contribution, whether direct or indirect, including loss of revenue, loss of profits, loss of business or anticipated savings, loss of use, loss of goodwill, loss of data, and whether caused by tort (including negligence), breach of contract or otherwise, except in respect of any liability for death or personal injury or any other liability which cannot be excluded or limited under applicable law.
If Parity Technologies fails to assert a right or provision under these Bug Bounty Program Terms & Conditions, it will not constitute a waiver of that right or provision.
These Bug Bounty Program Terms & Conditions are between Parity Technologies and Contributors. They are not intended to confer any contractual benefit on any other person pursuant to the terms of the Contracts (Rights of Third Parties) Act 1999.
Each paragraph of these Bug Bounty Program Terms & Conditions operates separately. If any provision of these Bug Bounty Program Terms & Conditions is held by a court of competent jurisdiction to be invalid, illegal or unenforceable for any reason, that provision shall be eliminated or limited to the minimum extent such that the remaining provisions of these Bug Bounty Program Terms & Conditions will continue in full force and effect.
These Bug Bounty Program Terms & Conditions, as may be amended from time-to-time, constitute the entire agreement between the contributor and Parity Technologies in respect of any Contributions made by that Contributor.
These Bug Bounty Program Terms & Conditions and any non-contractual obligations arising out of or in connection with them or their subject matter will be governed by and construed in accordance with the law of England and Wales.
Each Contributor and Parity Technologies irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this agreement, its subject matter or formation.