Avalanche Protocol

Triaged by HackenProof

Avalanche is an open-source platform for launching highly decentralized applications, new financial primitives, and new interoperable blockchains.

In Scope

Target Type Severity Reward
Protocol Critical Bounty
Protocol Critical Bounty
Protocol Critical Bounty

In-Scope Vulnerabilities

The list is not limited to the following submissions but it gives an overview of what issues we care about:

  • Stealing or loss of funds
  • Unauthorized transaction
  • Transaction manipulation
  • Price manipulation
  • Fee payment bypass
  • Balance manipulation
  • Violation of Avalanche tokenomics
  • Violation of the Avalanche consensus protocols (Avalanche and Snowman)
  • Privacy violation (below Bitcoin level privacy)
  • Cryptographic flaws

Out-of-Scope Vulnerabilities

  • Network-level DoS
  • Privacy beyond what Bitcoin offers

All rules in the General Program apply. In addition:

  • Perform testing on a private testnet wherever possible
  • If you discover a potential vulnerability on the production network (mainnet or public testnet), please attempt to validate the finding on a private testnet
  • For third-party (non-Avalanche) smart contracts please follow security testing guidelines provided by the third-party.