[New Bug Bounty] RISC Zero Has Launched Bug Bounty With Up to $150,000 Reward Per Critical Vulnerability

Alex Horlan
Head of Triage, HackenProof
1 Minute Read

Meet RISC Zero

RISC Zero – is the quickest, easiest way to write verifiable programs. Get to market fast with dramatically lower development costs on the first general purpose zkVM.

Check Out The Rewards

If you find a vulnerability according to the bounty rules, RISC Zero will reward you:

  • Critical: $10,000 – $150,000
  • High: $5,000 – $10,000
  • Medium: $1,000 – $5,000
  • Low: $250 – $1,000

Join The Bounty Hunt

There is zkVM to scope!

Make sure your reports contain info about these incidents:

  • Affirmative verifiation of  receipt false
  • Extraction of private inputs to zkVM guest program from a receipt
  • Information leakage in receipts that reveal knowledge of zkVM guest program execution (e.g. specific cycle counts, or memory access patterns).
  • Arbitrary code execution in the zkVM verifier based on a malicious receipt
  • Arbitrary code execution in the zkVM host from a malicious guest program (e.g. zkVM executor VM escapes).
  • Reading or writing to zkVM host memory or storage outside of defined I/O interface

To increase your chances of finding a critical bug, read RISC Zero docs here.

Once you’re ready, click here to join the bounty hunt!

Read more on HackenProof Blog