Avalanche Protocol


Avalanche is an open-source platform for launching highly decentralized applications, new financial primitives, and new interoperable blockchains.

In Scope

Target Type Severity Reward
Protocol Critical Bounty
Protocol Critical Bounty
Protocol Critical Bounty
Protocol Critical Bounty
API Critical Bounty
API Critical Bounty

In-Scope Vulnerabilities

The list is not limited to the following submissions but it gives an overview of what issues we care about:

  • Stealing or loss of funds
  • Unauthorized transaction
  • Transaction manipulation
  • Price manipulation
  • Fee payment bypass
  • Balance manipulation
  • Violation of Avalanche tokenomics
  • Violation of the Avalanche consensus protocols (Avalanche and Snowman)
  • Privacy violation (below Bitcoin level privacy)
  • Cryptographic flaws

Out-of-Scope Vulnerabilities

  • Network-level DoS
  • Privacy beyond what Bitcoin offers

All rules in the General Program apply. In addition:

  • Perform testing on a private testnet wherever possible
  • If you discover a potential vulnerability on the production network (mainnet or public testnet), please attempt to validate the finding on a private testnet
  • For third-party (non-Avalanche) smart contracts please follow security testing guidelines provided by the third-party.