Bug Bounty Program

The FIO bounty program, managed and funded by the Foundation, is focused on identifying issues and problems that can impact the entire ecosystem. These could include:

  • Loss of User Funds
  • Exposure of private information (keys, PII)
  • Incorrect or inconsistent query results

However, vulnerabilities that are already known are not considered as in-scope of the bounty program, as well as other things listed as out-of-scope in the relevant section below. Bounty hunters submit vulnerability reports at their own risk of being rejected as a known issue.

These pages provide more information about the program:

Program ScopeProvides guidelines as to in-scope and out-of-scope areas of investigation
Rules and RequirementsProvides guidelines for Rules and Responsibilities, as well as directions for reporting vulnerabilities.
How to ReportProvides instructions on how to report a bug.
Reward LevelsProvides an overview of the bounty rewards available for finding vulnerabilities in FIO protocol.
Frequently Asked QuestionsProvides a list of frequently asked questions and answers.