Core: Program Info

Triaged by HackenProof

Ended 152 days ago

This program has moved to ImmuneFi effective December 4, 2023:

https://immunefi.com/bounty/avalabs/

Scope

In Scope

Target	Type	Severity	Reward
Core Browser Extension https://chrome.google.com/webstore/detail/core/agoakfejjabomempkjlepdflaleeobhb	Other	Critical	Bounty
Core Web Wallet https://core.app/	Web3	Critical	Bounty
Core Android App https://play.google.com/store/apps/details?id=com.avaxwallet	Android	Critical	Bounty

Out of scope

Target	Type	Severity
Legacy Web wallet https://wallet.avax.network/	Web3	None

Focus Area

In Scope Vulnerabilities

Remote attacks that lead to loss of funds
User interface tampering, e.g. unauthorized change to a smart contract address
Attacks due to malicious contents embedded in transaction data (e.g. malicious NFTs)
Secrets / private key compromise
Cryptographic flaws
Infrastructure vulnerabilities or misconfiguration

Out of Scope Vulnerabilities

Out of scope vulnerabilities in Avalanche General
Attacks requiring physical access to the victim’s device
Social engineering, phishing, scams
Vulnerabilities in to the underlying platform/environment, e.g. web browser, mobile OS, microarchitectural (SPECTRE/MELTDOWN) attacks
Attacks depending on rooted/jailbroken devices
Transaction privacy
Dependency takeovers

Program Rules

All Avalanche General program rules apply
The severity of the report may be adjusted taking into account the alpha/beta release status of the application

Rewards

Range of bounty

$100 - $10,000

Severity

Critical

$5,000 - $10,000

High

$1,000 - $5,000

Medium

$500 - $1,000

Low

$100 - $500

Stats

$7,900

13

Categories

Tools DeFi Platform Wallet

Types

web mobile blockchain

Name

Rank

1

2

ca caue-ottersec

2

4

SLA
(Service Level Agreement)

Time within which the program's triage team must respond

Response Type

Business days

First Response

3 d

Triage Time

5 d

Reward Time

14 d

Resolution Time

30 d