💡
Virtuals Protocol Whitepaper
Enter AppBuy Token
  • ABOUT VIRTUALS
    • About Virtuals Protocol
    • Agent Commerce Protocol
      • Technical Deep Dive
      • Full Research Paper
      • Current Status
    • Tokenization Platform
      • Modes
      • Genesis Launch
        • Genesis Points
        • Genesis Allocation Mechanics
        • Genesis Refund Policy
    • Agentic Framework (GAME)
      • GAME Documentation
  • INFO HUB
    • Builders Hub
    • Virgens Hub
      • How to Link Your X Account for Virgen Points
    • $VIRTUAL
      • Token Distribution
    • Protocol Metrics
    • Core Contributors
      • Select Research Work
    • Important Links & Resources
      • Security Audits
        • Security Policy - Responsible Disclosure
      • Contract Address
      • Further Reading
    • Editorial Style Guide / Brand Kit
Powered by GitBook
On this page
  • Reporting a Vulnerability
  • What is in scope
  • Recognition
  • Contact
  1. INFO HUB
  2. Important Links & Resources
  3. Security Audits

Security Policy - Responsible Disclosure

PreviousSecurity AuditsNextContract Address

We are currently actively working with to come up with a comprehensive bug bounty program.

Reporting a Vulnerability

We take security at seriously. We have paid out over $30,000 in bounties (as of 16 January 2025), and we thank the community of security researchers reporting bugs responsibly to us. If you believe you have found a security vulnerability, please report it to us by sending an email to: with:

  • A detailed description of the vulnerability

  • Steps to reproduce

  • Potential impact of the vulnerability

  • Any possible methods to mitigate that you have identified

What happens next?

  • An initial response in 24 hours to acknowledge that we have received your report

  • Updates are provided every 3 business days about progress

  • Resolution no later than 15 days for critical issues

  • We will coordinate public disclosure timing with you

Please do not blog/post on X/etc. until after we have fixed the issue, and coordinated public disclosure with you.

What is in scope

Everything the Virtuals Protocol touches, is in scope. This includes, but is not limited to:

  • the smart contract

  • our SDKs

Recognition

We recognise security researchers who help improve the security of our critical infrastructure. Contributors are:

  • Credited in security acknowledgements

  • Paid a bounty for finding security issues

How are bounties determined?

  • Quality of description: provide a well-written submission

  • Reproducibility: please include a proof of concept (POC) to ensure that we can repeat this, and you can be rewarded. Code, scripts, and details matter! The easier to reproduce, the better the reward.

  • Quality of fix: you will get a higher reward if you also include a fix, thus easing our engineering burden.

Contact

production ready code in our repos, e.g. ,

With all that, we use the to come up with a fair payment.

Security issues:

Immunefi
Virtuals Protocol
security@virtuals.io
Virtuals Protocol
G.A.M.E
CVSS Score
security@virtuals.io