Core: Program Info

Triaged by HackenProof

Ended 174 days ago

This program has moved to ImmuneFi effective December 4, 2023:

In Scope

Target Type Severity Reward
Other Critical Bounty
Core Web Wallet

Web3 Critical Bounty
Android Critical Bounty

Out of scope

Target Type Severity
Legacy Web wallet

Web3 None

In Scope Vulnerabilities

  • Remote attacks that lead to loss of funds
  • User interface tampering, e.g. unauthorized change to a smart contract address
  • Attacks due to malicious contents embedded in transaction data (e.g. malicious NFTs)
  • Secrets / private key compromise
  • Cryptographic flaws
  • Infrastructure vulnerabilities or misconfiguration

Out of Scope Vulnerabilities

  • Out of scope vulnerabilities in Avalanche General
  • Attacks requiring physical access to the victim’s device
  • Social engineering, phishing, scams
  • Vulnerabilities in to the underlying platform/environment, e.g. web browser, mobile OS, microarchitectural (SPECTRE/MELTDOWN) attacks
  • Attacks depending on rooted/jailbroken devices
  • Transaction privacy
  • Dependency takeovers
  • All Avalanche General program rules apply
  • The severity of the report may be adjusted taking into account the alpha/beta release status of the application