Only vulnerabilities and bugs in Lisk Core are being considered. Focus on the master branch and the latest Betanet branch only. At this point of time any vulnerability or bug existing within Lisk Core, is likely to be present in the Lisk SDK as well.
Only test on your own private network. Be careful when testing on the Betanet or Testnet, as these are public networks and could lead to you disclosing the vulnerability. Do not perform any tests on the Mainnet, as this may result in disqualification.
Vulnerabilities that were already submitted or will be resolved by implementation of an existing LIP, are not eligible for any remuneration. In addition, serial vulnerabilities caused by the same underlying issue are treated as a single vulnerability.
Vulnerabilities that were already submitted, are already known to us or are fixed by implementation of an existing LIP are not eligible for any remuneration. Serial vulnerabilities caused by the same underlying issue are treated as a single vulnerability.
Report your Bug
Submitted vulnerabilities and bugs should be described in the most detailed manner as possible. Clear reproducible steps or a solution are preferred, and may lead to a higher remuneration.
Disclaimer: We consider many different factors for determining the remuneration. Determinations of eligibility, impact, severity and other factors related to the remuneration are at our sole and final discretion. Due to AML/KYC regulations each participant contributing a bug or vulnerability report has to undergo a KYC procedure in order to receive any remuneration. This includes their full name and address, accompanied by a scan of a valid passport or ID card.