Deploy smart contracts on Filecoin’s Virtual Machine →
EN 中文
Category:
Mar 17, 2023

Refreshing the Filecoin Bug Bounty Program

Now that the Filecoin Virtual Machine (FVM) is officially live on Filecoin mainnet, the community is excited to announce a refreshed Filecoin bug bounty program, featuring increased rewards up to 500k USD for critical issues and inclusion of programmability features in scope.

Prior to mainnet deployment, the FVM core team ran a number of initiatives to analyze and harden the security of Filecoin’s new programmability components. This included internal red team audits, two external audits by Oak Security and Alex Wade, and the FVM Bulletproofing program.

Post-launch, the community continues to be committed to guaranteeing the security of the Filecoin network, now including its new and updated components: the FVM, the EVM runtime, and its dependencies.

With this update, we once again extend an invitation to security researchers, developers, and bug bunters to help us identify latent risks and problems that may remain in the codebase after mainnet launch.

Please make sure to use responsible disclosure and security best practices to minimize impact to the network, and to qualify for rewards.

Updated Scope:

Notes:

  • Criteria and the wording for this table might be refined in the next 5-7 working days.
  • Responsible disclosures for issues not explicitly listed in the table will still be reviewed and matched up against the severity classification based on their impact.

Updated rewards

To further incentivize developers and web3 security experts, bug bounties have been raised significantly. Please find the levels based on severity below:

  • Critical: up to 500,000 points
  • High: up to 100,000 points
  • Medium: up to 25,000 points
  • Low: up to 10,000 points
  • Micro-level issues: up to 5,000 points

Where currently 1 point = 1 USD (payable in USD, DAI, or FIL).

Rules and reports

The rules of the Filecoin Security Program remain intact, including what’s out of scope. To be eligible for bounties, you MUST apply responsible disclosure practices and submit your report to security@filecoin.io, following the instructions in the previous links.

Related Articles

View all articles
updates

The Filecoin Virtual Machine (FVM) is live on Mainnet!

Today, the Filecoin community is proud to announce the successful launch of the Filecoin Virtual Machine (FVM). As of epoch 2,683,348 (or 3.14PM UTC on March 14), the Filecoin blockchain now supports smart contracts and user programmability via the Filecoin Virtual Machine, unlocking the enormous potential of an open data economy.

Mar 14, 2023

updates

Introducing the FVM Milestone 1 Bug Bounty Program & Audits

Bug Bounties are now live for FVM Milestone 1 until the end of May.

Apr 7, 2022

updates

FVM Bulletproofing Initiative

FVM Bulletproofing is an invite-only initiative that aims to engage experts from relevant fields to assess the codebase for latent vulnerabilities and earn rewards for new issues they find and report responsibly.

Jan 20, 2023

Filecoin is an open-source cloud storage marketplace, protocol, and incentive layer.
icon_client
filecoin_request_icon
filecoin_data_icon
filecoin_data_icon_black
icon_miner
icon_miner_other
filecoin_data_icon_black