Avalanche Bridge: Program Info

Scope

In Scope

Target	Type	Severity	Reward
Prod contract address: BTC.b 0x152b9d0fdc40c096757f570a51e494bd4b943e50	Web3	Critical	Bounty
Prod contract address: 1INCH.e 0xd501281565bf7789224523144fe5d98e8b28f267	Web3	Critical	Bounty
Prod contract address: AAVE.e 0x63a72806098bd3d9520cc43356dd78afe5d386d9	Web3	Critical	Bounty
Prod contract address: ALPHA.e 0x2147efff675e4a4ee1c2f918d181cdbd7a8e208f	Web3	Critical	Bounty
Prod contract address: BAT.e 0x98443b96ea4b0858fdf3219cd13e98c7a4690588	Web3	Critical	Bounty
Prod contract address: BUSD.e 0x19860ccb0a68fd4213ab9d8266f7bbf05a8dde98	Web3	Critical	Bounty
Prod contract address: COMP.e 0xc3048e19e76cb9a3aa9d77d8c03c29fc906e2437	Web3	Critical	Bounty
Prod contract address: CRV.e 0x249848beca43ac405b8102ec90dd5f22ca513c06	Web3	Critical	Bounty
Prod contract address: DAI.e 0xd586e7f844cea2f87f50152665bcbc2c279d8d70	Web3	Critical	Bounty
Prod contract address: GRT.e 0x8a0cac13c7da965a312f08ea4229c37869e85cb9	Web3	Critical	Bounty
Prod contract address: LINK.e 0x5947bb275c521040051d82396192181b413227a3	Web3	Critical	Bounty
Prod contract address: MKR.e 0x88128fd4b259552a9a1d457f435a6527aab72d42	Web3	Critical	Bounty
Prod contract address: SHIB.e 0x02d980a0d7af3fb7cf7df8cb35d9edbcf355f665	Web3	Critical	Bounty
Prod contract address: SNX.e 0xbec243c995409e6520d7c41e404da5deba4b209b	Web3	Critical	Bounty
Prod contract address: SUSHI.e 0x37b608519f91f70f2eeb0e5ed9af4061722e4f76	Web3	Critical	Bounty
Prod contract address: SWAP.e 0xc7b5d72c836e718cda8888eaf03707faef675079	Web3	Critical	Bounty
Prod contract address: UMA.e 0x3bd2b1c7ed8d396dbb98ded3aebb41350a5b2339	Web3	Critical	Bounty
Prod contract address: UNI.e 0x8ebaf22b6f053dffeaf46f4dd9efa95d89ba8580	Web3	Critical	Bounty
Prod contract address: USDC.e 0xa7d7079b0fead91f3e65f86e8915cb59c1a4c664	Web3	Critical	Bounty
Prod contract address: USDT.e 0xc7198437980c041c805a1edcba50c1ce5db95118	Web3	Critical	Bounty
Prod contract address: WBTC.e 0x50b7545627a5162f82a992c33b87adc75187b218	Web3	Critical	Bounty
Prod contract address: WETH.e 0x49d5c2bdffac6ce2bfdb6640f4f80f226bc10bab	Web3	Critical	Bounty
Prod contract address: WOO.e 0xabc9547b534519ff73921b1fba6e672b5f58d083	Web3	Critical	Bounty
Prod contract address: YFI.e 0x9eaac1b23d935365bd7b542fe22ceee2922f52dc	Web3	Critical	Bounty
Prod contract address: ZRX.e 0x596fa47043f99a4e0f122243b841e55375cde0d2	Web3	Critical	Bounty
Prod EVM Bridge Enclave Address: Avalanche 0xeb1bb70123b2f43419d070d7fde5618971cc2f8f	Web3	Critical	Bounty
Prod BTC Bridge Enclave Address: Avalanche 0xf5163f69f97b221d50347dd79382f11c6401f1a1	Web3	Critical	Bounty
Prod EVM Bridge Enclave Address: Ethereum 0x8eb8a3b98659cce290402893d0123abb75e3ab28	Web3	Critical	Bounty
Prod BTC Bridge Enclave Address: Bitcoin bc1q2f0tczgrukdxjrhhadpft2fehzpcrwrz549u90	Web3	Critical	Bounty
Testnet bridge front end for testing https://test.core.app/bridge	Web	Critical	Bounty
Testnet EVM Bridge Enclave address: Avalanche: 0x93753a9ea4c9d6eeed9f64ea92e97ce1f5fbaede	Web3	Critical	Bounty
Testnet Bridge Enclave address: Ethereum (Goerli) 0x0d90114dfddac9892cd2da88412b15b929680fe8	Web3	Critical	Bounty
Testnet Bridge Enclave address: Bitcoin tb1q8nur2k3xphnsqa5zxgjl7djtkj3ya0gfs96nxk	Web3	Critical	Bounty
Testnet contract address (subject to change): BTC.b 0x0f2071079315ba5a1c6d5b532a01a132c157ac83	Web3	Critical	Bounty
Testnet contract address (subject to change): DAI.e 0x2f20537c2f5c57231866de9d0ce33d0681a200d4	Web3	Critical	Bounty
Testnet contract address (subject to change): LINK.e 0x1741b9c475e0861a43b03f984928082ac4f3fb95	Web3	Critical	Bounty
Testnet contract address (subject to change): USDC.e 0xdb84a45a28f019970ec46c8acaf2aa8215d6fe4b	Web3	Critical	Bounty
Testnet contract address (subject to change): USDT.e 0xa73c78c12c962e987a8b37f7b2e1e2a5f00f1fe8	Web3	Critical	Bounty
Testnet contract address (subject to change): WBTC.e 0x8a11d879ebe06f475580ea22c5e8cc52772a6872	Web3	Critical	Bounty
Testnet contract address (subject to change): WETH.e 0x678c4c42572ec1c44b144c5a6712b69d2a5d412c	Web3	Critical	Bounty
Prod bridge front end (reporting only - please test on testnet) https://core.app/bridge	Web3	Critical	Bounty
Enclave server (please test on testnet only)	Web	Critical	Bounty
Ava Labs Warden server and blob storage endpoints (please test on testnet only)	Web3	Critical	Bounty
Testnet Bridge Enclave Address: Avalanche 0x9a3789061c69e14ca66251afa0e2efca0e04f1a5	Web3	Critical	Bounty

Out of scope

Target	Type	Severity
Non Ava Labs Warden servers and other infra	Web3	None

Focus Area

In Scope Vulnerabilities

Double minting
Under-collateralizing on the Ethereum side
Any kind of smart contract authority changes
Application level denial-of-service attacks
Unauthorized access to Wardens and Enclave servers
Unauthorized write to public readable-only cloud storage endpoints
Cryptographic vulnerabilities
Leaked secrets or credentials
Web 2.0 vulnerabilities that undermines normal bridge operation, modifies the user interface or can lead to stolen funds

Out of Scope Vulnerabilities

Third-party Warden hosts and infrastructure
Transaction privacy
Social engineering, phishing and scams, including Self-XSS
SGX vulnerabilities (unless remotely exploitable with a POC)
Discovery of unpublished server IP or service endpoints

Program Rules

Program Rules

All Avalanche General program rules apply.
For the Avalanche Bridge, you are welcome to report any vulnerabilities you come across during normal interactions with the production Bridge at https://core.app/bridge. However, you must only perform security testing and develop PoCs on the testnet Bridge https://test.core.app/bridge .
Please note: In cases where a size the the reward exceeds an equivalent of 10,000 USD, Avalanche is entitled to make the payment in one-year locked AVAX at the rate calculated based on a weighted average price of AVAX during 90 calendar days preceding the date of the respective validated report.

Scope

In Scope

Prod contract address: BTC.b

Prod contract address: 1INCH.e

Prod contract address: AAVE.e

Prod contract address: ALPHA.e

Prod contract address: BAT.e

Prod contract address: BUSD.e

Prod contract address: COMP.e

Prod contract address: CRV.e

Prod contract address: DAI.e

Prod contract address: GRT.e

Prod contract address: LINK.e

Prod contract address: MKR.e

Prod contract address: SHIB.e

Prod contract address: SNX.e

Prod contract address: SUSHI.e

Prod contract address: SWAP.e

Prod contract address: UMA.e

Prod contract address: UNI.e

Prod contract address: USDC.e

Prod contract address: USDT.e

Prod contract address: WBTC.e

Prod contract address: WETH.e

Prod contract address: WOO.e

Prod contract address: YFI.e

Prod contract address: ZRX.e

Prod EVM Bridge Enclave Address: Avalanche

Prod BTC Bridge Enclave Address: Avalanche

Prod EVM Bridge Enclave Address: Ethereum

Prod BTC Bridge Enclave Address: Bitcoin

Testnet bridge front end for testing

Testnet EVM Bridge Enclave address: Avalanche:

Testnet Bridge Enclave address: Ethereum (Goerli)

Testnet Bridge Enclave address: Bitcoin

Testnet contract address (subject to change): BTC.b

Testnet contract address (subject to change): DAI.e

Testnet contract address (subject to change): LINK.e

Testnet contract address (subject to change): USDC.e

Testnet contract address (subject to change): USDT.e

Testnet contract address (subject to change): WBTC.e

Testnet contract address (subject to change): WETH.e

Prod bridge front end (reporting only - please test on testnet)

Enclave server (please test on testnet only)

Ava Labs Warden server and blob storage endpoints (please test on testnet only)

Testnet Bridge Enclave Address: Avalanche

Out of scope

Non Ava Labs Warden servers and other infra

Focus Area

Program Rules

Rewards

Range of bounty

Severity

Stats

Categories

Types

Hackers (17)

SLA (Service Level Agreement) Time within which the program's triage team must respond

SLA
(Service Level Agreement)

Time within which the program's triage team must respond