Guidelines

Building
Focus on Lisk Core

Only vulnerabilities and bugs in Lisk Core are being considered. Focus on the master branch and the latest Betanet branch only. At this point of time any vulnerability or bug existing within Lisk Core, is likely to be present in the Lisk SDK as well.

item 2
Stay on your private network

Only test on your own private network. Be careful when testing on the Betanet or Testnet, as these are public networks and could lead to you disclosing the vulnerability. Do not perform any tests on the Mainnet, as this may result in disqualification.

Keep it to yourself

Vulnerabilities that were already submitted or will be resolved by implementation of an existing LIP, are not eligible for any remuneration. In addition, serial vulnerabilities caused by the same underlying issue are treated as a single vulnerability.

Validity of vulnerabilities

Vulnerabilities that were already submitted, are already known to us or are fixed by implementation of an existing LIP are not eligible for any remuneration. Serial vulnerabilities caused by the same underlying issue are treated as a single vulnerability.

Remuneration

Bugbounty payouttable v2

Report your Bug

To file a report, use the submission form below. Alternatively, if you prefer to file a report via email, use .

Submitted vulnerabilities and bugs should be described in the most detailed manner as possible. Clear reproducible steps or a solution are preferred, and may lead to a higher remuneration.

Bugbounty - form

Disclaimer: We consider many different factors for determining the remuneration. Determinations of eligibility, impact, severity and other factors related to the remuneration are at our sole and final discretion. Due to AML/KYC regulations each participant contributing a bug or vulnerability report has to undergo a KYC procedure in order to receive any remuneration. This includes their full name and address, accompanied by a scan of a valid passport or ID card.