Andrii Stepanov
Marketing Manager

Meet Flow

Flow is a decentralized platform that anyone can access, everyone can trust, and no-one can censor or block.

Check Out The Rewards

If you find a vulnerability according to the bounty rules, Flow will reward you:

  • Critical: $100,000 – $250,000
  • High: $50,000
  • Medium: $10,000
  • Low: $2,000 – $5,000

Join The Bounty Hunt

There are 2 asset types to scope!

  • Web
  • Protocol

Make sure your reports contain info about these incidents:

Severity: Critical

  • Emergency remediation
  • Public announcement
  • Hard-forking of a smart contract

Severity: High

  • Immediate analysis and action is necessary
  • Public disclosure in most cases
  • Exploitation would significantly affect the Flow ecosystem
  • Eventual fix of smart contract

Severity: Medium

  • Remediation required, but impact is not significant

Severity: Low

  • Low risk issues like misconfigurations with no proven path to exploit

To qualify for a reward, the vulnerability must fall within our Assets In Scope, comply with our Responsible Disclosure Guidelines, and meet the following criteria:

  1. Previously unknown – When reported, we must not have already known of the issue, either by internal discovery or other report.
  2. Material impact – Demonstrable vulnerability where, if exploited, the vulnerability would materially affect the confidentiality, integrity, or availability of our assets.
  3. Requires action – The vulnerability requires some mitigation.
  4. Your participation is not prohibited by applicable law.

Once you’re ready, click here to join the bounty hunt!