Introducing the Hummingbot bug bounty program

Blog»Introducing the Hummingbot bug bounty program

Yingdan Liang

2019-04-16 · 2 min read

Since Hummingbot is experimental, beta software that can be run in many different user configurations and markets, we are leveraging the power of our community to help us identify and properly handle all the edge cases which may arise.

As a small token of our appreciation for users who invest their time and effort to try out Hummingbot and report the issues they encounter, we are excited to announce a bounty program for reward users who help improve Hummingbot's stability and reliability!


The public, open source Hummingbot code base.


We will pay bug reporters 0.1 ETH for any bug reported that meets the following criteria:

  • It has a different root cause than any other bug reported by other users

  • Reporter follows the submission guidelines below (see Submission)

  • We decide to fix the bug

In addition, we may add a discretionary bonus to bugs that entail security vulnerabilities, depending on the severity of the vulnerability.

Bounty Rules and Guidelines

  • Bounties are awarded on a first-report basis

  • We ask that you do not use vulnerabilities or errors you come across for purposes other than your own investigation

  • We ask that you do not publicize or disclose to any third parties any details of security vulnerabilities until hummingbot remove those issues

  • All bounties and rewards will be subject to the sole discretion of the Hummingbot team


  • For security vulnerabilities : Email the description of the issue to us at 

  • For all other bugs : Submit a Bug Report in our Github repo

  • Please follow the template and include detailed descriptions of the bug, steps to reproduction, supporting artifacts such as screenshots, logs, configuration settings, and suggested fixes, if any

  • Privacy : We pledge that we will not use your information for trading purposes or share your personal information with third parties


The Hummingbot team will investigate your report within 24 hours, contact you to discuss the issue, and send 0.1 ETH to your Ethereum wallet once the team decides to fix the bug that you reported.

We will publish a list of reported bugs and their status in the Hummingbot documentation.

Happy 🐞 hunting!

Related Posts

Liquidity Mining: November recap
Liquidity Mining: November recap
Harmony and Hummingbot launch ONE Liquidity DAO
Harmony and Hummingbot launch ONE Liquidity DAO
Liquidity Mining: October recap
Liquidity Mining: October recap

DISCLAIMER: The websites located at,, (collectively, the "Site") are copyrighted works belonging to CoinAlpha, Inc. ("Company", "us", "our", and "we"). Certain features of the Site may be subject to additional guidelines, terms, or rules, which will be posted on the Site in connection with such features. All such additional terms, guidelines, and rules are incorporated by reference into these Terms. These terms of use (these "Terms") set forth the legally binding terms and conditions that govern your use of the Site. By accessing or using the Site, you are accepting these Terms (on behalf of yourself or the entity that you represent), and you represent and warrant that you have the right, authority, and capacity to enter into these terms (on behalf of yourself or the entity that you represent). You may not access or use the Site or accept the terms if you are not at least 18 years old. If you do not agree with all of the provisions of these terms, do not access and/or use the Site.