Bug Bounty Program
The FIO bounty program, managed and funded by the Foundation, is focused on identifying issues and problems that can impact the entire ecosystem. These could include:
- Loss of User Funds
- Exposure of private information (keys, PII)
- Incorrect or inconsistent query results
However, vulnerabilities that are already known are not considered as in-scope of the bounty program, as well as other things listed as out-of-scope in the relevant section below. Bounty hunters submit vulnerability reports at their own risk of being rejected as a known issue.
These pages provide more information about the program:
| Content | Summary |
|---|---|
| Program Scope | Provides guidelines as to in-scope and out-of-scope areas of investigation |
| Rules and Requirements | Provides guidelines for Rules and Responsibilities, as well as directions for reporting vulnerabilities. |
| How to Report | Provides instructions on how to report a bug. |
| Reward Levels | Provides an overview of the bounty rewards available for finding vulnerabilities in FIO protocol. |
| Frequently Asked Questions | Provides a list of frequently asked questions and answers. |
Updated over 1 year ago