Meet Flow
Flow is a decentralized platform that anyone can access, everyone can trust, and no-one can censor or block.
Check Out The Rewards
If you find a vulnerability according to the bounty rules, Flow will reward you:
- Critical: $100,000 – $250,000
- High: $50,000
- Medium: $10,000
- Low: $2,000 – $5,000
Join The Bounty Hunt
There are 2 asset types to scope!
- Web
- Protocol
Make sure your reports contain info about these incidents:
Severity: Critical
- Emergency remediation
- Public announcement
- Hard-forking of a smart contract
Severity: High
- Immediate analysis and action is necessary
- Public disclosure in most cases
- Exploitation would significantly affect the Flow ecosystem
- Eventual fix of smart contract
Severity: Medium
- Remediation required, but impact is not significant
Severity: Low
- Low risk issues like misconfigurations with no proven path to exploit
To qualify for a reward, the vulnerability must fall within our Assets In Scope, comply with our Responsible Disclosure Guidelines, and meet the following criteria:
- Previously unknown – When reported, we must not have already known of the issue, either by internal discovery or other report.
- Material impact – Demonstrable vulnerability where, if exploited, the vulnerability would materially affect the confidentiality, integrity, or availability of our assets.
- Requires action – The vulnerability requires some mitigation.
- Your participation is not prohibited by applicable law.
Once you’re ready, click here to join the bounty hunt!