Bug Bounty Program

Improve the security of Auki’s applications, including the posemesh and Auki’s corporate work tools, and earn rewards.

The Program

Auki pays different levels of compensation (referred to as bounties below) for findings, to encourage the public to help find security issues. Auki does not pay a bounty if the affected application was not developed by Auki Labs, or if the issue has already been reported.

Applications

In scope:

Console
Posemesh dashboard
Auki API: api.auki.network
Domain and email: issues related to the domains or email of aukilabs.com, posemesh.org, auki.ai, aukiverse.com or auki.network
Domain Discovery Service (DDS) API: dds.auki.network
Hagall Discovery Service (HDS) API: hds.auki.network
Domain Server: source on GitHub
Relay Server: source on GitHub

Official AUKI related smart contracts (each entry gives the UUPS proxy address, then the implementation address):

AUKI token: 0xf9569cfb8fd265e91aa478d86ae8c78b8af55df4 (proxy), 0x408be34f38be0ccd19f3acfe76c0b0ff658edfcf (implementation)
Reward liquidity pool: 0x7335fd019d13e70b39c735dac68b3e827feddcb1 (proxy), 0x6bc46ce6bf26cafffa1faeb2fdab6b916efbd68c (implementation)
Burn contract: 0xee742b4aeac981c305a516197f0d00e6e2e48f3f (proxy), 0x47ea18561b39a1659764534b7a95af269a464380 (implementation)
Relay staking: 0xa5e933d7457409f1c3a5e76483c3ad2736b41276 (proxy), 0x8fbcf9df603b1c1514a370cd46a3e60518185f6c (implementation)
Dedicated domain server staking: 0xda44123c0fc29a3c2e968d7b2458a5e52bdc99bb (proxy), 0xd4f5433416be0311909f5771931c038362f7e047 (implementation)
Public domain server staking: 0x44bd107ec873f073c899c0f78f79faf6762d78b5 (proxy), 0x59138b230a95ef57ab307923e90f6826fb8b6764 (implementation)
Posemesh soul-bound token: 0x3db4fb591a09951ca5491b3620ec37296fff94ab (proxy), 0xe10479e50c6a5c90c6708b8a02dad4e0a53ae9b3 (implementation)
Floorcraft NFT: 0xe664b8B0BE6C4dAeA83C44b77Da6106313728F39 (proxy), 0x26b38408846065524a0d493b97df2a94983a796a (implementation)
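Every contract in scope is listed as a UUPS proxy together with the implementation it delegates to, and a UUPS proxy can be upgraded, so before reviewing one it is worth confirming that the proxy still points at the listed implementation. UUPS proxies keep that address in the ERC-1967 implementation slot, keccak256("eip1967.proxy.implementation") - 1, which any node will return through eth_getStorageAt. The script below is an added example and not Auki’s code or part of this program: it builds the eth_getStorageAt request for each listed proxy and decodes the returned storage word into an address for comparison. The page does not name the chain or an RPC endpoint, so those are left to the reader, and the storage words embedded in SAMPLE_WORDS are constructed so the script runs offline.

```python
"""Check that each UUPS proxy in the bounty scope resolves to its listed
implementation through the ERC-1967 implementation slot.

Added example, not Auki's code. The chain and RPC endpoint are not stated
on the program page; SAMPLE_WORDS holds constructed eth_getStorageAt
results so the script runs offline. Replace them with real responses.
"""
import json
import re

# ERC-1967 implementation slot: keccak256("eip1967.proxy.implementation") - 1.
ERC1967_IMPL_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc

# Proxy -> implementation pairs exactly as listed in the program's scope.
SCOPE = {
    "0xf9569cfb8fd265e91aa478d86ae8c78b8af55df4": "0x408be34f38be0ccd19f3acfe76c0b0ff658edfcf",  # AUKI token
    "0x7335fd019d13e70b39c735dac68b3e827feddcb1": "0x6bc46ce6bf26cafffa1faeb2fdab6b916efbd68c",  # reward liquidity pool
    "0xee742b4aeac981c305a516197f0d00e6e2e48f3f": "0x47ea18561b39a1659764534b7a95af269a464380",  # burn contract
    "0xa5e933d7457409f1c3a5e76483c3ad2736b41276": "0x8fbcf9df603b1c1514a370cd46a3e60518185f6c",  # relay staking
    "0xda44123c0fc29a3c2e968d7b2458a5e52bdc99bb": "0xd4f5433416be0311909f5771931c038362f7e047",  # dedicated domain server staking
    "0x44bd107ec873f073c899c0f78f79faf6762d78b5": "0x59138b230a95ef57ab307923e90f6826fb8b6764",  # public domain server staking
    "0x3db4fb591a09951ca5491b3620ec37296fff94ab": "0xe10479e50c6a5c90c6708b8a02dad4e0a53ae9b3",  # posemesh soul-bound token
    "0xe664b8B0BE6C4dAeA83C44b77Da6106313728F39": "0x26b38408846065524a0d493b97df2a94983a796a",  # Floorcraft NFT
}

_ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


def normalize(addr: str) -> str:
    """Reject anything that is not a 20-byte hex address; compare lower-cased."""
    if not _ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr}")
    return addr.lower()


def storage_request(proxy: str, req_id: int = 1) -> dict:
    """JSON-RPC body that reads the proxy's ERC-1967 implementation slot."""
    slot_hex = "0x" + format(ERC1967_IMPL_SLOT, "064x")
    return {
        "jsonrpc": "2.0",
        "id": req_id,
        "method": "eth_getStorageAt",
        "params": [normalize(proxy), slot_hex, "latest"],
    }


def implementation_from_word(word: str) -> str:
    """Decode the 32-byte storage word from eth_getStorageAt into an address.

    The address sits in the low 20 bytes; the high 12 bytes must be zero,
    otherwise the slot does not hold a bare address and the proxy layout is
    not what ERC-1967 describes.
    """
    raw = word.lower()
    raw = raw[2:] if raw.startswith("0x") else raw
    raw = raw.rjust(64, "0")
    if len(raw) != 64 or int(raw, 16) >> 160 != 0:
        raise ValueError(f"storage word is not a bare address: {word}")
    return "0x" + raw[-40:]


def verify_implementation(proxy: str, expected_impl: str, word: str) -> bool:
    """True when the slot of `proxy` holds the implementation listed on the page."""
    normalize(proxy)
    return implementation_from_word(word) == normalize(expected_impl)


def verify_scope(words: dict) -> dict:
    """Map each listed proxy to True/False, or None when no storage word was supplied."""
    results = {}
    for proxy, impl in SCOPE.items():
        word = words.get(normalize(proxy))
        results[proxy] = None if word is None else verify_implementation(proxy, impl, word)
    return results


# Constructed responses (not real chain data): the token proxy still points at
# the listed implementation; the pool proxy has been upgraded to an unlisted one.
SAMPLE_WORDS = {
    "0xf9569cfb8fd265e91aa478d86ae8c78b8af55df4": "0x" + "0" * 24 + "408be34f38be0ccd19f3acfe76c0b0ff658edfcf",
    "0x7335fd019d13e70b39c735dac68b3e827feddcb1": "0x" + "0" * 24 + "deadbeef" + "0" * 32,
}

if __name__ == "__main__":
    for proxy in SCOPE:
        print(json.dumps(storage_request(proxy)))  # POST each body to your RPC endpoint
    for proxy, ok in verify_scope(SAMPLE_WORDS).items():
        print(proxy, {True: "matches listed implementation", False: "MISMATCH", None: "not queried"}[ok])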
Non-qualifying applications
Auki Labs website

Reason: it is managed by a third party; please refer to that party’s security bug disclosure policy.

Payout methodology

One payout per root cause
If multiple vulnerabilities stem from the same root cause (e.g., insecure authentication), they will be grouped together and rewarded as a single bounty. The same applies if the same vulnerability is found in more than one application.

Separate payouts for independent issues
If issues are distinct (e.g., CSP misconfiguration in one application and SQL injection in another), they will be treated as separate findings with separate bounties.

Bundle for same application
If multiple smaller issues are reported for a single application in one submission, they will be grouped together as a single payout proportional to the overall impact.

Final decision clause
Auki Labs reserves the right to make the final determination in cases of disputes regarding bounty eligibility, severity grading, or payout amounts. This ensures consistency and fairness while addressing unique cases or interpretations that may arise.

Severity levels
The severity levels are not based on the Common Vulnerability Scoring System (CVSS) but on the potential impact on Auki’s business, taking into account which domain name or application is affected. For example, the same vulnerability found in a support system is graded less severe than one found in the core systems.

Bounties

Bounties can be paid out in the USDC amount described in the table below or in the equivalent amount of AUKI tokens at the time of the payout.

Severity, example, and bounty (USDC):

Critical: unauthorized access to sensitive data, critical smart contract vulnerabilities, remote code execution (RCE). Bounty: 2,000
High: SQL injection, significant privilege escalation, major authentication bypass. Bounty: 1,000
Medium: minor privilege escalation, reflected XSS, or logic issues with moderate impact. Bounty: 500
Low: CSP misconfigurations, verbose error messages, or minor misconfigurations. Bounty: 200
Informational: issues with no immediate security impact (e.g., missing security headers). Bounty: discretionary

How to report issues

Open a support ticket on our Discord server or send an email to security@aukilabs.com
