Walrus is a decentralized storage network that stores and delivers raw data and media files — like videos, images, and PDFs — without sacrificing performance or accessibility. With Walrus, your data is always secure and available.
Target | Type | Severity | Reward |
---|---|---|---|
https://github.com/MystenLabs/walrus/tree/main/contracts (scoped to mainnet tags / testnet tags) | Smart Contract | Critical | Bounty |
https://github.com/MystenLabs/walrus/tree/main/crates/walrus-core (scoped to mainnet tags / testnet tags) | Smart Contract | Critical | Bounty |
The Walrus Bug Bounty Program is designed to encourage security researchers to help identify vulnerabilities that might affect the security, reliability, and economic integrity of the Walrus decentralized storage protocol. Walrus leverages advanced two-dimensional erasure coding (“Red Stuff”), a Sui-based control plane for node lifecycle and blob management, and an economic model based on staking and governance. Given that data integrity and correct fee enforcement are central to its operation, vulnerabilities that allow unauthorized deletion of data or enable storage for disproportionately low fees are considered the most Critical.
Smart Contracts & On-Chain Logic: Sui smart contracts governing blob registration, storage resource management, shard migration, and staking/governance functions.

Core Protocol Components: The implementation of the “Red Stuff” encoding/decoding algorithms and associated data commitment mechanisms. The availability certificate generation and verification process.
DoS on Client Interfaces/APIs:
Economic and Incentive Mechanisms:
Currency: Rewards may be paid in USD or WAL tokens at the discretion of the Walrus Foundation.

Reward Adjustments: Payouts are subject to review based on impact, ease of exploitation, and potential damage. Multiple reports on the same vulnerability will be consolidated.

Critical Economic & Data-Availability Bugs: Because the protocol’s economic model and data durability are paramount, vulnerabilities such as those allowing storage at near-zero cost or accidental deletion of data will be weighed more heavily.

Eligibility: Only vulnerabilities found in official releases (and, where applicable, on the public testnet environment) of Walrus are eligible for rewards.
We are happy to thank everyone who submits valid reports that help us improve security. However, only those that meet the following eligibility requirements may receive a monetary reward: