Only vulnerabilities and bugs in Lisk Core are being considered. Focus on the master branch and, if one exists, the latest Betanet branch only. Right now any vulnerability existing within Lisk Core, is likely to be present in the Lisk SDK as well.
Only test on your own private network. A report is only eligible if it is clear that the reporter did not abuse this bug on one of the public networks.
It is forbidden to disclose reported bugs to the public. Doing so will forfeit any potential remuneration.
Vulnerabilities that were already submitted, are already known to us or are fixed by implementation of an existing LIP are not eligible for any remuneration. Serial vulnerabilities caused by the same underlying issue are treated as a single vulnerability.
Report your Bug
To file a report, use the submission form below. Alternatively, if you prefer to file a report via email, use email@example.com
Submitted vulnerabilities and bugs should be described in the most detailed manner as possible. Clear reproducible steps or a solution are preferred, and may lead to a higher remuneration.
Disclaimer: We consider many different factors for determining the remuneration. Determinations of eligibility, impact, severity and other factors related to the remuneration are at our sole and final discretion. Due to AML/KYC regulations each participant contributing a bug or vulnerability report has to undergo a KYC procedure in order to receive any remuneration. This includes their full name and address, accompanied by a scan of a valid passport or ID card.