Building a strong security culture has been one of our core goals since day zero of the Filecoin project. That work ranges from creating bleeding-edge, researched, and evaluated mathematical proofs that set the foundation for the critical operations executed in the Filecoin Protocol (e.g. Proof of Replication & Proof of Space Time), to building a culture of strong security habits and secure code development and testing, to working with multiple external security specialists, pentesters and researchers to audit our code and practices. Security is of utmost importance in any sound decentralized network.

We invite all security researchers to join us in maintaining the security of the Filecoin Network.

Vulnerability Reporting

Almost anything you find that is a bug in the codebase should be filed as an issue on GitHub. However, when you find a bug that is also a security vulnerability and can compromise the integrity of the live network, please bring it to our attention right away.

We’ve created two main channels for reporting:

  • Send an email to security@filecoin.org. This email is monitored every day. Please use our PGP key to encrypt sensitive information.
  • Alternatively, request to join the filecoin_sec team on Keybase, where we can set up a private channel to discuss.

Please do not file a public issue or discuss the vulnerability in public places like Slack, Twitter, etc.

Participate in the Filecoin Bug Bounty

We created a program to reward all security researchers, hackers and security aficionados who invest time in finding bugs in the Filecoin protocol and its respective implementations.

Reported security vulnerabilities are eligible for a Bug Bounty.

Security Audits

Protocol implementations continuously undergo rigorous third-party auditing. Published audit reports are linked in the Filecoin Specification under Audit Reports.

Responsible Disclosure

We have a Coordinated Disclosure policy. We will make a best effort to address all vulnerabilities as soon as possible and to coordinate disclosure of the finding with the researcher.

Bug Bounty

We've created this program for all security researchers to collaborate with the Filecoin project. All findings submitted that fall within the rules of the program will receive a reward.

Security Updates

We will announce any major security events on this page as well as via Filecoin Community Slack and Twitter.