Bug Bounty

Euphoria rewards security researchers who help keep the platform safe.

How to Report

Email security@euphoria.finance with a clear description of the vulnerability, reproduction steps, and your assessment of the impact. We aim to acknowledge reports within 48 hours.

Rewards

Rewards are paid in USDM and scale with severity, impact, and report quality. Final amounts are at Euphoria's discretion.

Scope

In scope: Euphoria smart contracts, the web app, mobile PWA, Telegram mini app, and API.

Out of scope: third-party services, testnet environments, social engineering, and denial-of-service attacks.

Disclosure

Do not disclose vulnerabilities publicly before a fix is deployed, and do not exploit them beyond what is necessary to demonstrate impact. Researchers acting in good faith under this policy will not face legal action from Euphoria.