The Avalanche Bridge (AB) connects directly to your wallet for fast, cheap, & secure transfers of Ethereum and Bitcoin assets to and from Avalanche.
Note to hackers: Please only test on the testnet bridge at https://bridge.avax-test.network/login (see program rules for details).
In Scope
Target | Type | Severity | Reward |
---|---|---|---|
Prod contract addresses: BTC.b 0x152b9d0fdc40c096757f570a51e494bd4b943e50 | Web3 | Critical | Bounty |
Prod contract addresses: 1INCH.e 0xd501281565bf7789224523144fe5d98e8b28f267 | Web3 | Critical | Bounty |
Prod contract addresses: AAVE.e 0x63a72806098bd3d9520cc43356dd78afe5d386d9 | Web3 | Critical | Bounty |
Prod contract addresses: ALPHA.e 0x2147efff675e4a4ee1c2f918d181cdbd7a8e208f | Web3 | Critical | Bounty |
Prod contract addresses: BAT.e 0x98443b96ea4b0858fdf3219cd13e98c7a4690588 | Web3 | Critical | Bounty |
Prod contract addresses: BUSD.e 0x19860ccb0a68fd4213ab9d8266f7bbf05a8dde98 | Web3 | Critical | Bounty |
Prod contract addresses: COMP.e 0xc3048e19e76cb9a3aa9d77d8c03c29fc906e2437 | Web3 | Critical | Bounty |
Prod contract addresses: CRV.e 0x249848beca43ac405b8102ec90dd5f22ca513c06 | Web3 | Critical | Bounty |
Prod contract addresses: DAI.e 0xd586e7f844cea2f87f50152665bcbc2c279d8d70 | Web3 | Critical | Bounty |
Prod contract addresses: GRT.e 0x8a0cac13c7da965a312f08ea4229c37869e85cb9 | Web3 | Critical | Bounty |
Prod contract addresses: LINK.e 0x5947bb275c521040051d82396192181b413227a3 | Web3 | Critical | Bounty |
Prod contract addresses: MKR.e 0x88128fd4b259552a9a1d457f435a6527aab72d42 | Web3 | Critical | Bounty |
Prod contract addresses: SHIB.e 0x02d980a0d7af3fb7cf7df8cb35d9edbcf355f665 | Web3 | Critical | Bounty |
Prod contract addresses: SNX.e 0xbec243c995409e6520d7c41e404da5deba4b209b | Web3 | Critical | Bounty |
Prod contract addresses: SUSHI.e 0x37b608519f91f70f2eeb0e5ed9af4061722e4f76 | Web3 | Critical | Bounty |
Prod contract addresses: SWAP.e 0xc7b5d72c836e718cda8888eaf03707faef675079 | Web3 | Critical | Bounty |
Prod contract addresses: UMA.e 0x3bd2b1c7ed8d396dbb98ded3aebb41350a5b2339 | Web3 | Critical | Bounty |
Prod contract addresses: UNI.e 0x8ebaf22b6f053dffeaf46f4dd9efa95d89ba8580 | Web3 | Critical | Bounty |
Prod contract addresses: USDC.e 0xa7d7079b0fead91f3e65f86e8915cb59c1a4c664 | Web3 | Critical | Bounty |
Prod contract addresses: USDT.e 0xc7198437980c041c805a1edcba50c1ce5db95118 | Web3 | Critical | Bounty |
Prod contract addresses: WBTC.e 0x50b7545627a5162f82a992c33b87adc75187b218 | Web3 | Critical | Bounty |
Prod contract addresses: WETH.e 0x49d5c2bdffac6ce2bfdb6640f4f80f226bc10bab | Web3 | Critical | Bounty |
Prod contract addresses: WOO.e 0xabc9547b534519ff73921b1fba6e672b5f58d083 | Web3 | Critical | Bounty |
Prod contract addresses: YFI.e 0x9eaac1b23d935365bd7b542fe22ceee2922f52dc | Web3 | Critical | Bounty |
Prod contract addresses: ZRX.e 0x596fa47043f99a4e0f122243b841e55375cde0d2 | Web3 | Critical | Bounty |
Prod Bridge Enclave Addresses: Avalanche 0xeb1bb70123b2f43419d070d7fde5618971cc2f8f | Web3 | Critical | Bounty |
Prod Bridge Enclave Addresses: Avalanche 0xf5163f69f97b221d50347dd79382f11c6401f1a1 | Web3 | Critical | Bounty |
Prod Bridge Enclave Addresses: Ethereum 0x8eb8a3b98659cce290402893d0123abb75e3ab28 | Web3 | Critical | Bounty |
Prod Bridge Enclave Addresses: Bitcoin bc1q2f0tczgrukdxjrhhadpft2fehzpcrwrz549u90 | Web3 | Critical | Bounty |
Testnet bridge front end for testing | Web | Critical | Bounty |
Testnet Bridge Enclave Addresses: Avalanche 0x59c35594563fc2c9ebff4cdb905a142d1198daf5 | Web3 | Critical | Bounty |
Testnet Bridge Enclave Addresses: Avalanche 0x9a3789061c69e14ca66251afa0e2efca0e04f1a5 | Web3 | Critical | Bounty |
Testnet Bridge Enclave Addresses: Ethereum (Rinkeby) 0x0401b67766e88e26b5309ca3f9b5360cf86df658 | Web3 | Critical | Bounty |
Testnet Bridge Enclave Addresses: Bitcoin tb1q8nur2k3xphnsqa5zxgjl7djtkj3ya0gfs96nxk | Web3 | Critical | Bounty |
Testnet contract addresses (subject to change): BTC.b 0x0f2071079315ba5a1c6d5b532a01a132c157ac83 | Web3 | Critical | Bounty |
Testnet contract addresses (subject to change): DAI.e 0x2f10b211817694a2fa00c6b5481ac4a95b896643 | Web3 | Critical | Bounty |
Testnet contract addresses (subject to change): FAU.e 0xb4e0f6fef81bdfea0856bb846789985c9cff7e85 | Web3 | Critical | Bounty |
Testnet contract addresses (subject to change): LINK.e 0x1741b9c475e0861a43b03f984928082ac4f3fb95 | Web3 | Critical | Bounty |
Testnet contract addresses (subject to change): USDC.e 0xc20386b7b8dc5d930511261aa789516f96a7eb16 | Web3 | Critical | Bounty |
Testnet contract addresses (subject to change): USDT.e 0xbce59d73868899a7b7896b46da20a06f663baf10 | Web3 | Critical | Bounty |
Testnet contract addresses (subject to change): WBTC.e 0xa0526df369774af18299deb370d66ae8723804d9 | Web3 | Critical | Bounty |
Testnet contract addresses (subject to change): WETH.e 0x7fcdc2c1ef3e4a0bcc8155a558bb20a7218f2b05 | Web3 | Critical | Bounty |
Prod bridge front end (reporting only - please test on testnet) | Web3 | Critical | Bounty |
Enclave server (please test on testnet only) | Web | Critical | Bounty |
Ava Labs Warden server and blob storage endpoints (please test on testnet only) | Web3 | Critical | Bounty |
Out of scope
Target | Type | Severity |
---|---|---|
Non Ava Labs Warden servers and other infra | Web3 | None |
In Scope Vulnerabilities
- Double minting
- Under-collateralizing on the Ethereum side
- Any kind of smart contract authority changes
- Application level denial-of-service attacks
- Unauthorized access to Wardens and Enclave servers
- Unauthorized write to public read-only cloud storage endpoints
- Cryptographic vulnerabilities
- Leaked secrets or credentials
- Web 2.0 vulnerabilities that undermine normal bridge operation, modify the user interface, or can lead to stolen funds
Out of Scope Vulnerabilities
- Third-party Warden hosts and infrastructure
- Transaction privacy
- Social engineering, phishing and scams, including Self-XSS
- SGX vulnerabilities (unless remotely exploitable with a POC)
- Discovery of unpublished server IP or service endpoints
Program Rules
- All Avalanche General program rules apply.
- For the Avalanche Bridge, you are welcome to report any vulnerabilities you come across during normal interactions with the production Bridge at https://bridge.avax.network/. However, you must only perform security testing and develop PoCs on the testnet Bridge http://bridge.avax-test.network/.
- Bounties over $10k will be paid in one-year locked AVAX at the rate calculated based on a weighted average price of AVAX during 90 calendar days preceding the date of the respective validated report.
- Please note: In cases where the size of the reward exceeds an equivalent of 10,000 USD, Avalanche is entitled to make the payment in one-year locked AVAX at the rate calculated based on a weighted average price of AVAX during 90 calendar days preceding the date of the respective validated report.