Bug bounty
Triaged by HackenProof

Celestia: Program info

Company: Celestia
KYC required. POC required.
This program is active now.

Celestia is a blockchain network that introduces a modular approach to the design and functionality of blockchains. Unlike traditional blockchains that bundle consensus, data availability, and execution into a single layer, Celestia separates these functions to offer a more scalable and flexible infrastructure.

In scope

Target                                                           | Type     | Severity | Reward
https://github.com/celestiaorg/celestia-core                     | Protocol | Critical | Bounty
https://github.com/celestiaorg/celestia-app                      | Protocol | Critical | Bounty
https://github.com/celestiaorg/celestia-node                     | Protocol | Critical | Bounty
https://github.com/celestiaorg/go-header                         | Protocol | Critical | Bounty
https://github.com/celestiaorg/rsmt2d                            | Protocol | Critical | Bounty
https://github.com/celestiaorg/nmt                               | Protocol | Critical | Bounty
https://github.com/celestiaorg/go-square                         | Protocol | Critical | Bounty
https://github.com/celestiaorg/go-fraud                          | Protocol | Critical | Bounty
https://github.com/klauspost/reedsolomon                         | Protocol | Critical | Bounty
https://github.com/celestiaorg/blobstream-contracts (Blobstream) | Other    | Critical | Bounty

Focus Area

⚠️ Only code that directly impacts the Celestia protocol, in the versions referenced in the go.mod of celestia-app and celestia-node, is within scope. Whether an issue in a given repository is within scope will be determined by the Celestia Foundation in its sole discretion. ⚠️

Vulnerability Categories

Critical: Up to $750k in TIA tokens

Loss of User Funds

  • Theft of funds without user signature
  • Loss of staking rewards (including, but not limited, to slashing or tombstoning) without validator signature
  • Excludes censoring of validator signatures by a dishonest ≥1/3 of voting power
  • Excludes network attacks on the validator’s node(s)
  • Excludes consensus liveness violations (i.e. chain halts)

Consensus Violations

  • Consensus safety violation (i.e. chain fork) with < 1/3 dishonest voting power, within the unbonding period
  • Inclusion of valid transaction(s) with the out-of-spec side effect that allows minting of TIA or transferring locked, delegated, or staked TIA
  • Acceptance by full nodes of a badly-encoded block

High: Up to $250k in TIA tokens

Liveness

  • Consensus liveness violation (i.e. chain halt) with < 1/3 dishonest voting power

Network DoS Attacks (Crash)

  • Crashing an arbitrary node with a single bounded-size message (no more than the maximum block size)
    • i.e. remote resource exhaustion via non-RPC protocols, such as exploiting a nil pointer dereference that immediately halts a node without any automatic recovery

Network Partition

  • Eclipse attack on an arbitrary node
    • Excludes network partitions that require control of the p2p network (including, but not limited to, control over a large number of p2p nodes) or underlying networking infrastructure (including, but not limited to, control of bootstrapper nodes)

Supply Chain Attacks

  • Attacks that identify gaps in the implementation of GitHub security policies for managing releases of source code, pre-built binaries, or Docker images, such that malicious code can be downloaded
  • Excludes social attacks and phishing attacks

Medium: Up to $50k in TIA tokens

DoS Attacks (Resource Exhaustion)

  • Remote resource exhaustion via non-RPC protocols.

State Corruption

  • Inclusion of a valid transaction or blob that results in an EDS or data root that is not reconstructable

Low: Up to $10k in TIA tokens

RPC DoS/Crashes

  • Remote resource exhaustion via RPC methods.

Out of Scope:

The following components are out of scope for the bounty program:

  • Any DDoS attack
  • Any metrics, logging, or tracing, such as Grafana, Prometheus, etc.
  • Any infrastructure for running nodes
  • Any encrypted credentials, auth tokens, etc. checked into version control
  • Bugs in dependencies other than those explicitly listed. Please take them upstream!
  • Attacks that require social engineering
  • Attacks that require network partitions (but not network partitions themselves, see above)
  • Attacks that require physical access
  • Any asset whose source code does not exist in the in-scope repositories
  • Any bugs caused by the user, intentionally or by error

**For each bounty, 25% of the TIA will be unlocked and 75% will be locked for 12 months.

Program Rules

When testing for possible bugs, please adhere to the following:

  • Stay within the defined scope of the program and only perform testing within the program scope
  • Do not damage or restrict the availability of products, services, or infrastructure
  • Do not compromise any personal data
  • Do not cause interruption or degradation of any service
  • Do not access or modify other users' data; instead, localize all tests to your own accounts
  • Do not test against mainnet; instead, use testnets and local devnets
  • Do not exploit any DoS/DDoS vulnerabilities, social engineering attacks, or spam
  • Do not spam forms or account creation flows using automated scanners
  • Do not use web application scanners for automatic vulnerability searching, which generate massive traffic; web properties are out of scope for this program
  • If you find a vulnerability that qualifies for multiple categories/severities, submit it only once, under the highest category/severity, as we will only pay for the highest category/severity
  • Any details of found vulnerabilities must not be communicated to anyone who is not a member of the HackenProof team or an authorized representative of the Celestia Foundation without appropriate permission
  • If your finding is valid, you will be asked to complete KYC verification before payment
  • For more information, check: https://docs.celestia.org/

Eligibility and Coordinated Disclosure

Reporting / Disclosures

DO NOT CREATE A GITHUB ISSUE to report a security problem.

Instead please use the HackenProof bug bounty program. Provide a helpful title, detailed description of the vulnerability and an exploit proof-of-concept. Speculative submissions without proof-of-concept will be closed with no further consideration.

Do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization.

Expect a response as fast as possible in the advisory, typically within 72 hours.

If you do not receive a response from HackenProof, send an email to [email protected] with the full URL of the advisory you have created. DO NOT include attachments or provide detail sufficient for exploitation regarding the security issue in this email. Only provide such details in the advisory.

Eligibility

Only those who meet the following eligibility requirements may receive a monetary reward:

  • You must be the first reporter of a vulnerability
  • The vulnerability must be a qualifying vulnerability
  • Submissions MUST include an exploit proof-of-concept to be considered eligible:
    • Valid exploits MUST NOT be executed on any public cluster, public testnet, or in any public manner
    • Proof-of-concepts should be demonstrated using localized or private networks
  • The participant submitting the bug report must follow the process outlined within this document
  • Any vulnerability found must be reported no later than 24 hours after discovery and exclusively through hackenproof.com
  • You must send a clear textual description of the report along with steps to reproduce the issue, including attachments such as screenshots or proof-of-concept code as necessary
  • ONLY USE the EMAIL under which you registered your HackenProof account (in case of violation, no bounty can be awarded)
  • Participants must complete a compliance screen and sign the participation agreement with Hacken. Security exploits will still be assessed and open for submission at all times; this only needs to be done prior to distribution of tokens.
  • Provide detailed but to-the-point reproduction steps
  • Do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization
  • Employees, spouses, partners, or families of employees, or of former employees, of Celestia Labs, the Celestia Foundation, and any subsidiaries are not eligible to participate in the Bug Bounty program

Rewards

Range of bounty: $0 - $750,000

Severity | Reward
Critical | $750,000
High     | $250,000
Medium   | $50,000
Low      | $10,000

Stats

Scope Review: 3958
Submissions: 10
Total rewards: $0
Types: smart contract, other, blockchain
Languages: Go
Project types: L1
Hackers: 10

SLA (Service Level Agreement)

Time within which the program's triage team must respond (in business days):

Response Type   | Business days
First Response  | 3d
Triage Time     | 15d
Reward Time     | 15d
Resolution Time | 120d