Meet Walrus
Walrus is a decentralized storage network that stores and delivers raw data and media files—like videos, images, and PDFs—without sacrificing performance or accessibility. With Walrus, your data is always secure and available.
The Walrus Bug Bounty Program is designed to encourage security researchers to help identify vulnerabilities that might affect the security, reliability, and economic integrity of the Walrus decentralized storage protocol. Walrus leverages advanced two-dimensional erasure coding (“Red Stuff”), a Sui-based control plane for node lifecycle and blob management, and an economic model based on staking and governance. Given that data integrity and correct fee enforcement are central to its operation, vulnerabilities that allow unauthorized deletion of data or enable storage at disproportionately low fees are considered the most Critical.
Check Out The Rewards
If you find a vulnerability according to the bounty rules, Walrus will reward you:
- Critical: $100,000
- High: $10,000
- Medium: $5,000
- Low: $1,000 – $2,500
Join The Bounty Hunt
There are Smart Contracts to scope!
Make sure your reports contain info about these incidents:
Critical
- Stealing of funds such as accumulated rewards that are stored in Walrus contracts for values greater than $100,000 in notional value.
High
- Data Loss/Deletion: Vulnerabilities that enable an attacker to perform unauthorized or unintended deletion of stored blob data, or to irreversibly corrupt it.
- Any flaw that allows an attacker to store data while paying little to nothing for storage, bypassing fee controls or staking requirements.
- Integrity & Availability Breaches: Issues that compromise the correctness of the availability certificate (e.g. forging commitments) or subvert the recovery mechanism, potentially allowing an attacker to prevent legitimate data recovery.
- Economic Manipulation: Vulnerabilities that allow an attacker to partially manipulate fee payment, commission rates, or staking rewards in a way that might lead to financial imbalance or unfair economic advantage.
- Authentication & Authorization Flaws: Bugs that could let an attacker impersonate a storage node or bypass certain access controls, though not directly causing full data loss.
Medium
- Full DoS of the network and no recovery without hardfork
- DoS of Walrus Aggregator/Indexer (No brute force)
Low
- To be determined and confirmed by the Walrus team.