DeFiChain Bug Bounty Program

DeFiChain is engaging with security experts as well as the community to hunt down vulnerabilities. Our bounty program rewards up to USD 50,000.

Leaderboard

DeFiChain thanks the following bounty hunters in their efforts to keep DeFiChain secure.

1.Dr. Daniel Cagara

@muirglacier
Masternode mining efficiency exploit
7,500 DFI($26,250 USD)
3rd-party masternode fund lockup issue
2,250 DFI($7,875 USD)
Probabilistic side mining exploit
3,750 DFI($13,125 USD)
Dropping of masternode through transaction malleability
6,000 DFI($21,000 USD)
Masternode quorum anchor confirmation bug
4,500 DFI($15,750 USD)
Masternode boost with infinite timelock
6,000 DFI($21,000 USD)

2.(anonymous)

Atomic swap bug
10,500 DFI($31,500 USD)

3.Alex Andreae

@sourcecoast
Bitcoin anchor fee validation issue
3,000 DFI($10,500 USD)

How to participate

There are many ways to get started finding a bug bounty. You can start by connecting to the DeFiChain testnet by running
defid -testnet
. Alternatively, you could study our source code at GitHub. If you find a bug through interacting with our program and/or studying our source code, we can offer a bug bounty of up to USD 50,000 worth of DFI provided that we find the bug significant, and you are able to provide useful info in regards to fixing or reproducing the issue.Be sure to study the code that is tagged for official releases, not the master branch or other code that is still currently under development.

Submission process

As security is a sensitive issue, we encourage users not to submit public issues regarding the security of the blockchain. We encourage using your own discretion, if you feel the issue is not something the public can easily exploit, then feel free to create an issue at the repo over at GitHub. If the issue presents some critical exploit, then please email us instead at security@defichain.com.
In your submission please include:
  • A clear description of the issue
  • A fix for the issue, preferably as a pull request
  • If unable to provide a fix, then please provide clear directions on how to reproduce the issue
  • Your email address or other relevant contact details (e.g. Telegram ID)
  • Your DFI address for receiving the bounty if your submission is approved