Filecoin Bounty Program

The Filecoin Bounty Program provides bounties for bugs. Help identify bugs and improve the Filecoin network. The most prolific contributors can earn a prestigious Filecoin Security Research Fellowship.

Recent Submissions

Leo Zhang

IPFSUnion

A message that could make the global cron actor's HandleProvingPeriod method crash.

Mitigation →

Wei Yang

ARS

A bug in ConsensusFaultTimeOffsetMining that could lead to incorrectly declared faults.

Mitigation →

Wei Yang

ARS

An issue with the ReportConsensusFault function that caused it to not take effect.

Mitigation →

Security Research Fellowship

The most prolific contributors to Filecoin's security can earn a selective Filecoin Security Research Fellowship. Fellows receive funding for directed or open-ended exploration of Filecoin's security model, as well as a venue to discuss the protocol with other top experts.

Rules & Rewards

Filecoin's public bug bounty rewards will launch in late July 2020. Bugs submitted today will still be considered for rewards on a case-by-case basis. Here are some guidelines for submissions.

  • Issues that have already been submitted by another user or are already known to the Filecoin team are not eligible for bounty rewards.
  • Public disclosure of a vulnerability makes it ineligible for a bounty.
  • You can start or fork a private chain for bug hunting. Please respect the Filecoin main and test networks and refrain from attacking them.
  • Filecoin's core development team, employees and all other people paid by the Filecoin project, directly or indirectly (except for Security Research Fellows), are not eligible for rewards.
  • Filecoin websites and general infrastructure are NOT part of the bounty program.
  • The Filecoin bounty program considers a number of variables in determining rewards. Determinations of eligibility and all terms related to an award are at the sole and final discretion of the Filecoin bug bounty panel.
  • The quality of the description, reproducibility, and fix (if included) are heavily considered when assessing reward amounts and Security Research Fellowship appointments.
  • Please review the critical bug examples for guidelines on which types of submissions are the most useful.

Many thanks to the Ethereum Foundation for providing the inspiration for this program.