Currently, Plume does not have an official bug bounty policy. We will be working with Immunefi to launch an official bug bounty in the coming weeks before our mainnet launch.

In the meantime, please send all security vulnerability reports to [email protected]. Legitimate security vulnerabilities will be rewarded in USDC.

Do not send us any vulnerability reports about dangling subdomains unless you can demonstrate a takeover, specifically for the following subdomains which are obviously active:

• https://forms.plumenetwork.xyz/careers

• https://assets.plumenetwork.xyz/images/logos/plume.png