Avalanche is an open-source platform for launching highly decentralized applications, new financial primitives, and new interoperable blockchains.
In Scope
| Target | Type | Severity | Reward |
|---|---|---|---|
AvalancheGo |
Protocol | Critical | Bounty |
Ortelius |
Protocol | Critical | Bounty |
| Protocol | Critical | Bounty | |
Avalanche Wallet |
Protocol | Critical | Bounty |
api.avax.network |
API | Critical | Bounty |
api.avax-test.network |
API | Critical | Bounty |
| Severity (CVSSv3) | Reward |
|---|---|
| Critical | 10000$ |
| High | 5000$ |
| Medium | 1000$ |
| Low | 100$ |
- For more information, please check https://docs.avax.network/ .
- Guide on how to create a Local Test Network
- If you have any questions regarding the environment or vulnerabilities, please reach out to [email protected]
In-Scope Vulnerabilities
The list is not limited to the following submissions but it gives an overview of what issues we care about:
- Stealing or loss of funds
- Unauthorized transaction
- Transaction manipulation
- Price manipulation
- Fee payment bypass
- Balance manipulation
- Violation of Avalanche tokenomics
- Violation of the Avalanche consensus protocols (Avalanche and Snowman)
- Privacy violation (below Bitcoin level privacy)
- Cryptographic flaws
Out-of-Scope Vulnerabilities
- Network-level DoS
- Privacy beyond what Bitcoin offers
All rules in the General Program apply. In addition:
- Perform testing on a private testnet wherever possible
- If you discover a potential vulnerability on the production network (mainnet or public testnet), please attempt to validate the finding on a private testnet
- For third-party (non-Avalanche) smart contracts please follow security testing guidelines provided by the third-party.