• For more information, please check https://docs.avax.network/ .
• Guide on how to create a Local Test Network
• If you have any questions regarding the environment or vulnerabilities, please reach out to [email protected]

In-Scope Vulnerabilities

The list is not limited to the following submissions but it gives an overview of what issues we care about:

• Stealing or loss of funds
• Unauthorized transaction
• Transaction manipulation
• Price manipulation
• Fee payment bypass
• Balance manipulation
• Violation of Avalanche tokenomics
• Violation of the Avalanche consensus protocols (Avalanche and Snowman)
• Privacy violation (below Bitcoin level privacy)
• Cryptographic flaws

Out-of-Scope Vulnerabilities

• Network-level DoS
• Privacy beyond what Bitcoin offers

All rules in the General Program apply. In addition:

• Perform testing on a private testnet wherever possible
• If you discover a potential vulnerability on the production network (mainnet or public testnet), please attempt to validate the finding on a private testnet
• Please note: In cases where a size the reward exceeds an equivalent of 10,000 USD, Avalanche is entitled to make the payment in one-year locked AVAX at the rate calculated based on a weighted average price of AVAX during 90 calendar days preceding the date of the respective validated report.