2.0 KiB
Wormhole Bug Bounty - ImmuneFi
The Wormhole bug bounty program is focused on the prevention of negative impacts to the Wormhole ecosystem, which currently covers our smart contracts, web UI, guardian nodes, and Wormhole integrations.
The primary prevention focuses are as follows:
-
Exploits resulting in the locking, loss, or theft of user funds.
-
General forging of unverified data, or validation of forged messages.
-
Determinism bugs that could lead to inconsistent bridge states.
-
Governance manipulation.
-
Exposure of infrastructure private keys and/or PII.
-
Vulnerabilities in the node operating software resulting in invalid behaviour.
-
Remote code execution.
-
Bugs that can facilitate Sybil attacks.
All web/app bug reports must come with a Proof of Concept in order to be considered for a reward. All smart contract and guardian node bug reports must come with log components, reproduction, and data about vulnerabilities to support learnings and bug fixes. This can be satisfied by providing relevant screenshots, docs, code, and steps to reproduce the issue.
Further detail can be found here: https://www.immunefi.com/bounty/wormhole
| Smart Contracts | |
|---|---|
| Critical | Up to USD $10,000,000 |
| High | USD $100,000 |
| Medium | USD $10,000 |
| Low | USD $2,500 |
| Guardian Nodes (Blockchain/DLT) | |
|---|---|
| Critical | Up to USD $10,000,000 |
| High | USD $100,000 |
| Medium | USD $5,000 |
| Low | USD $2,000 |
| Websites and Applications | |
|---|---|
| Critical | Up to USD $50,000 |
| High | USD $10,000 |
| Medium | USD $5,000 |
| Low | USD $1,000 |
Payouts are handled by the Terraform Labs Ltd team directly and are denominated in USD; however, payouts will be made in USDC. Further information about TFL can be found here: https://www.terra.money/