About ProofOfRep
What this is
A public reputation board for web3 bug bounty programs and bounty platforms. Security researchers post evidence of how a project handled a vulnerability report — fairly, or unfairly.
Why it exists
The goal isn't to shame protocols — it's to protect users. Every unpaid valid bug is a researcher pushed away from a protocol that needs them. Researcher time is finite; it should flow toward programs that engage in good faith. ProofOfRep makes that signal public so the ecosystem self-corrects.
Researchers regularly experience: valid bugs marked "duplicate" with no proof, severity downgrades that gut a payout, indefinite review periods, and silent rejections. There is no public record. ProofOfRep builds one.
How submissions work
- Sign in with Discord.
- Pick a project — protocol or bounty platform.
- Choose a direction (positive or negative reputation).
- Write a clear reason and attach proof (public link or screenshot). Proof is mandatory.
- Provide your public handle (X, Cantina, Code4rena, Sherlock, etc.).
- An admin reviews each submission before it appears publicly.
Disclaimer
Submissions are opinions of contributors, not statements of fact. Projects listed are encouraged to respond. Defamatory, harassing, or evidence-less content will be rejected. To request removal of content, DM @0xAlexSR on X.