Sui is a Layer 1 blockchain and smart contract platform designed to make digital asset ownership fast, private, secure, and accessible to everyone.
Check Out The Rewards
If you find a vulnerability according to the bounty rules, Sui Foundation will reward you:
- Critical: $100,000 – $500,000
- High: $50,000
- Medium: $10,000
- Low: $5,000
Join The Bounty Hunt
Only the following impacts are accepted within this bug bounty program. All other impacts are out of scope, even if they affect something in the assets in scope table.
Make sure your reports contain info about these incidents:
- Exceeding the maximum supply of 10 billion SUI and allowing the attacker to claim the excess funds (Critical)
- Loss of Funds (Critical)
- Violating BFT assumptions, acquiring voting power vastly disproportionate to stake, or any other issue that can meaningfully compromise the integrity of the blockchain’s proof of stake governance (Critical)
- Network not being able to confirm new transactions (total network shutdown) requiring a hard fork to resolve (Critical)
- Arbitrary, non-Move remote code execution on unmodified validator software (Critical)
- Temporary total network shutdown or unintended chain split (duration greater than 10 minutes) (High)
- A bug that results in unintended and harmful smart contract behavior with no concrete funds at direct risk (Medium)
- Unintended, permanent burning of SUI under the max cap (Medium)
- Shutdown of greater than or equal to 30% of network processing nodes without brute force actions, but without shutting down the network (Medium)
- Sending a transaction that triggers an invariant violation error code in unmodified validator software (Low)
- A remote call that crashes a Sui fullnode (Low)