Flow is a decentralized platform that anyone can access, everyone can trust, and no-one can censor or block. Flow is the future.
Target | Type | Severity | Reward |
---|---|---|---|
https://www.flow.com Copy | Web | Critical | Bounty |
*.flow.com Copy | Web | Critical | Bounty |
*.onflow.org Copy | Web | Critical | Bounty |
Target | Type | Severity | Reward |
---|---|---|---|
store.flow.com Copy | Web | None | Bounty |
We are interested in the following vulnerabilities:
Vulnerabilities found in out of scope resources are unlikely to be rewarded unless they present a serious business risk (at our sole discretion). In general, the following vulnerabilities do not correspond to the severity threshold:
Flow was built from the ground up with security in mind. Our code, infrastructure, and development methodology help us keep our users safe.
We appreciate and encourage the security researcher community to report potential vulnerabilities in our assets.If you identify a vulnerability, please notify us using the following guidelines. Things To Do:
Things Not To Do:
We are happy to thank everyone who submits valid reports which help us improve the security. However, only those that meet the following eligibility requirements may receive a monetary reward: