[New Bug Bounty] The first Bug Bounty Program for the TON Blockchain Protocol

Alex Horlan
СТО HackenProof
1 Minute Read


EVAA is the first decentralized lending protocol on TON that lets users lend or borrow assets without going to a centralized intermediary.

Check Out The Rewards

If you find a vulnerability according to the bounty rules, EVAA will reward you:

  • Critical: $4,500 – $5,000
  • High: $2,500 – $3,000
  • Medium: $900 – $1,000
  • Low: $100 – $200

Join The Bounty Hunt

There are 2 asset types to scope!

  • Web
  • Smart contract

Make sure your reports contain info about these incidents:

  • Business logic issues
  • Payments manipulation
  • Remote code execution (RCE)
  • Injection vulnerabilities (SQL, XXE)
  • File inclusions (Local & Remote)
  • Access Control Issues (IDOR, Privilege Escalation, etc)
  • Leakage of sensitive information
  • Server-Side Request Forgery (SSRF)
  • Cross-Site Request Forgery (CSRF)
  • Cross-Site Scripting (XSS)
  • Directory traversal
  • Other vulnerability with a clear potential loss
  • Stealing or loss of funds
  • Unauthorized transaction
  • Transaction manipulation
  • Attacks on logic (behavior of the code is different from the business description)
  • Reentrancy
  • Reordering
  • Over and underflows

To increase your chances of finding a critical bug, read EVAA whitepaper here.

Once you’re ready, click here to join the bounty hunt!

Read more on HackenProof Blog