Guidelines

Building
Focus on Lisk Core

Only vulnerabilities and bugs in Lisk Core are being considered. Focus on the master branch and, if one exists, the latest Betanet branch only. Right now any vulnerability existing within Lisk Core, is likely to be present in the Lisk SDK as well.

item 2
Stay on your private network

Only test on your own private network. A report is only eligible if it is clear that the reporter did not abuse this bug on one of the public networks.

Keep it to yourself

It is forbidden to disclose reported bugs to the public. Doing so will forfeit any potential remuneration.

Validity of vulnerabilities

Vulnerabilities that were already submitted, are already known to us or are fixed by implementation of an existing LIP are not eligible for any remuneration. Serial vulnerabilities caused by the same underlying issue are treated as a single vulnerability.

Remuneration

Bugbounty payouttable v2

Report your Bug

To file a report, use the submission form below. Alternatively, if you prefer to file a report via email, use security@lisk.com

 

Submitted vulnerabilities and bugs should be described in the most detailed manner as possible. Clear reproducible steps or a solution are preferred, and may lead to a higher remuneration.

Report a bug | Lisk.com

Disclaimer: We consider many different factors for determining the remuneration. Determinations of eligibility, impact, severity and other factors related to the remuneration are at our sole and final discretion. Due to AML/KYC regulations each participant contributing a bug or vulnerability report has to undergo a KYC procedure in order to receive any remuneration. This includes their full name and address, accompanied by a scan of a valid passport or ID card.