About

Sky Mavis recognizes the importance and value of security researchers’ efforts in helping keep our community safe. We encourage responsible disclosure of security vulnerabilities via our bug bounty program (“Bug Bounty Program”) described on this page.

Note: This program is for the disclosure of software security vulnerabilities only. If you believe your Sky Mavis account has been compromised, change your password and immediately contact support via the link: https://support.axieinfinity.com/hc/en-us

Policy

At Sky Mavis, the security of our users is our number one priority. As such, we strive to provide the most secure platform possible. We will evaluate reported security issues based on the security impact to our users and the Sky Mavis ecosystem.

This bounty brief describes the rules of the Sky Mavis bug bounty program, as well as the eligibility of vulnerabilities and the rewards.

For more information about Sky Mavis, please visit https://skymavis.com

Please follow the Sky Mavis Disclosure Guidelines.

Respect the privacy of our users and please confine your testing to your own team during the bug investigation process.

Rewards/Ratings

This program takes reference from the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings. Prioritization/ratings may vary from the Bugcrowd Vulnerability Rating Taxonomy.

Rewards will be paid out in AXS

Six months vesting period with monthly unlocks for fatal bounties.

Once your submission is accepted, please provide either of the following to receive your reward.