Join ARPA’s Bug Bounty Program with Immunefi — Up to $50,000 in Rewards!

ARPA Official
3 min readDec 12, 2023

Dear Developers,

We’re excited to announce the launch of the ARPA Network Bug Bounty Program in partnership with Immunefi, web3’s leading bug bounty platform. This program is a testament to our commitment to security and the continuous improvement of the ARPA ecosystem.

Program Overview

ARPA Network, crafted by a team of cryptographers, engineers, and entrepreneurs, is dedicated to building a decentralized blockchain ecosystem. This Bug Bounty Program is an integral part of our security measures, inviting whitehat hackers and security researchers to help us identify potential vulnerabilities. Feel free to take a closer look at the “Developers” section of our website for the complete list of tech documents before starting debugging.

Program Highlights

  • Live Date: December 12th, 2023
  • Maximum of USD 50,000 for critical smart contract bugs.
  • Rewards vary based on the threat level. See the detailed reward structure here.
  • Scope: Primarily focused on blockchain/DLT, smart contracts, and websites/applications. For detailed assets in scope, visit ARPA’s GitHub and Immunefi’s Program Page.
  • Out-of-scope items include attacks on test files, basic economic and governance attacks, and vulnerabilities requiring privileged access, among others.
  • KYC is required to receive a reward (details required: legal name, email, phone number). KYC is only required upon confirmation of a valid bug report.

Rewards Structure

  • Critical Bugs: Up to $50,000 for smart contract vulnerabilities, and up to $10,000 for Blockchain/DLT, website, and application bugs.
  • Other Categories: Different reward tiers for various severity levels (high, medium).
  • Payment: Rewards are paid in a combination of USDT and ARPA tokens, based on the average price from CoinMarketCap and CoinGecko at the time of report submission.

How to Submit

  • Find a bug within the specified scope.
  • Create a detailed report including a Proof of Concept (PoC).
  • All PoCs submitted must comply with the Immunefi-wide PoC Guidelines and Rules. Bug report submissions without a PoC when a PoC is required will not be provided with a reward.
  • Submit your report through Immunefi’s platform.

Important Considerations

  • Known Issue Assurance: We disclose known issues publicly or at the very least privately via a self-reported bug submission in order to allow for a more objective and streamlined mediation process to prove that an issue is known.
  • Repeatable Attack Limitations: In cases of repeatable attacks for smart contract bugs, only the first attack will be counted, regardless of whether the smart contract is upgradable, pausable, or killable.
  • Out of Scope & Rules: Certain impacts and activities are excluded (details on our Program Page)

This is not just a chance to earn rewards but also to contribute to the security and robustness of the ARPA Network. We value your expertise and are excited to see your contributions.

Ready to dive in? Check out the full details on our Program Page and start exploring!

Best regards,

The ARPA Team

About ARPA

ARPA Network (ARPA) is a decentralized secure computation network built to improve the fairness, security, and privacy of blockchains. ARPA threshold BLS signature network serves as the infrastructure of verifiable Random Number Generator (RNG), secure wallet, cross-chain bridge, and decentralized custody across multiple blockchains.

ARPA was previously known as ARPA Chain, a privacy-preserving Multi-party Computation (MPC) network founded in 2018. ARPA Mainnet has completed over 224,000 computation tasks in the past years. Our experience in MPC and other cryptography laid the foundation for our innovative threshold BLS signature schemes (TSS-BLS) system design and led us to today’s ARPA Network.

Randcast, a verifiable Random Number Generator (RNG), is the first application that leverages ARPA as infrastructure. Randcast offers a cryptographically generated random source with superior security and low cost compared to other solutions. Metaverse, game, lottery, NFT minting and whitelisting, key generation, and blockchain validator task distribution can benefit from Randcast’s tamper-proof randomness.

For more information about ARPA or to join our team, please contact us at

Learn about ARPA’s recent official news:

Twitter: @arpaofficial



Telegram (English):

Telegram (Turkish):

Telegram (Việt Nam):

Telegram (Russian):

Telegram (Indonesian):

Telegram(Sri Lanka):





ARPA Official

ARPA is a privacy-preserving blockchain infrastructure enabled by MPC. Learn more at