Immunefi
Blog
Platform
Bug Bounty ProgramsPR ReviewsAuditsAudit CompetitionsInvite OnlySafe HarborVaultsManaged TriageHelp Center
Security Researchers

Join Immunefi

Find bugs. Get paid.

Immunefi Profile PicHacker PledgingHelp for WhitehatsAll StarsLearnLeaderboardImmunefi Top 10 BugsWhitehat AwardsWhitehat Hall of FameCompetition FindingsResponsible Publication
Token
FoundationInstitutionalDocsIR ContactBuy IMU
LoginExplore BountiesGet Protected
Back to Explore
The Graph-logo

The Graph

|

The Graph is an indexing protocol for querying decentralized data from multiple blockchains and storage solutions such as IPFS. It is a decentralized network comprised of multiple stakeholders incentivized to build and offer an efficient and reliable open data marketplace, through GraphQL-based APIs.

Arbitrum
ETH
Blockchain
Infrastructure
Services
Staking
Go
Rust
Solidity
Typescript
Maximum Bounty
$50,000
Live Since
04 August 2021
Last Updated
03 April 2026

  • Triaged by Immunefi

  • PoC Required

  • Vault program

  • KYC required

Submit a Bug
InformationScopeResources

Documentation

Title
Past Security Audits
Description
A list of all security audits performed since 2020.
Link
Title
Security Audit: Protocol Issuance Changes
Description
A list of all security audits related to Issuance changes. Note: it is likely that some of the audits here are related to protocol upgrades not yet deployed on mainnet, which means ineligible for rewards until listed as an asset in scope.
Link
Title
Security Audit: Horizon Protocol Upgrade
Description
A list of all security audits related to the Horizon upgrade since 2024
Link
Title
Smart Contracts
Description
Each Smart Contract in scope has its own documentation (README.md)
Link
Title
The Graph Docs
Description
Overall documentation about The Graph
Link
Go to Audits & Known Issues
Assets Body

Note on Smart Contracts: Any vulnerabilities mentioned in public audits that have not been fixed are ineligible for a reward in the Bug Bounty Program.

Occasionally, the Graph Foundation may, but is not required to, make an exception and reward disclosure of an out-of-scope impact that would have a material negative impact on the brand or goodwill of The Graph. Whether to make such an exception, as well as the size of the reward for such an exception, is in The Graph Foundation’s sole and final discretion.