Core: Program Info

Triaged by HackenProof
Avalanche

Ended 174 days ago

This program has moved to ImmuneFi effective December 4, 2023:

https://immunefi.com/bounty/avalabs/

In Scope

Target Type Severity Reward
Other Critical Bounty
Core Web Wallet

https://core.app/

Web3 Critical Bounty
Android Critical Bounty

Out of scope

Target Type Severity
Legacy Web wallet

https://wallet.avax.network/

Web3 None

In Scope Vulnerabilities

  • Remote attacks that lead to loss of funds
  • User interface tampering, e.g. unauthorized change to a smart contract address
  • Attacks due to malicious contents embedded in transaction data (e.g. malicious NFTs)
  • Secrets / private key compromise
  • Cryptographic flaws
  • Infrastructure vulnerabilities or misconfiguration

Out of Scope Vulnerabilities

  • Out of scope vulnerabilities in Avalanche General
  • Attacks requiring physical access to the victim’s device
  • Social engineering, phishing, scams
  • Vulnerabilities in to the underlying platform/environment, e.g. web browser, mobile OS, microarchitectural (SPECTRE/MELTDOWN) attacks
  • Attacks depending on rooted/jailbroken devices
  • Transaction privacy
  • Dependency takeovers
  • All Avalanche General program rules apply
  • The severity of the report may be adjusted taking into account the alpha/beta release status of the application