Core

Triaged by HackenProof
Avalanche

Core is a set of free, non-custodial browser extension and apps engineered for Avalanche users. The Core wallet brings Avalanche dApps, NFTs, bridges, Subnets, and more–directly to you.

The Core browser extension has been released with other Core apps due to be launched shortly. Stay tuned for updates.

In Scope

Target Type Severity Reward
Other Critical Bounty
Core Web Wallet

https://core.app/

Web3 Critical Bounty

Out of scope

Target Type Severity
Legacy Web wallet

https://wallet.avax.network/

Web3 None

In Scope Vulnerabilities

  • Remote attacks that lead to loss of funds
  • User interface tampering, e.g. unauthorized change to a smart contract address
  • Attacks due to malicious contents embedded in transaction data (e.g. malicious NFTs)
  • Secrets / private key compromise
  • Cryptographic flaws
  • Infrastructure vulnerabilities or misconfiguration

Out of Scope Vulnerabilities

  • Out of scope vulnerabilities in Avalanche General
  • Attacks requiring physical access to the victim’s device
  • Social engineering, phishing, scams
  • Vulnerabilities in to the underlying platform/environment, e.g. web browser, mobile OS, microarchitectural (SPECTRE/MELTDOWN) attacks
  • Attacks depending on rooted/jailbroken devices
  • Transaction privacy
  • All Avalanche General program rules apply
  • The severity of the report may be adjusted taking into account the alpha/beta release status of the application