Table of Contents
At BNB Chain, we’re committed to strengthening the blockchain ecosystem!
Our Bug Bounty Program is designed to encourage the identification and responsible disclosure of security vulnerabilities that directly affect BNB Chain and its components, such as the blockchain, nodes, and wallets.
By reporting these vulnerabilities to us, you not only play a crucial role in maintaining the network’s security, but can also earn substantial rewards for your efforts.
Rewards for Your Valuable Contributions
We believe in rewarding the hard work and expertise of the security community. Depending on the severity and impact of the reported vulnerabilities, you have the opportunity to earn rewards ranging from $200 to a whopping $100,000. These rewards are categorized as follows:
|P0 (Critical vulnerabilities)||Up to $100,000|
|P1(High-risk vulnerabilities)||$5,000 to $30,000|
|P2 (Medium-risk vulnerabilities)||$1,500 to $5,000|
|P3 (Low-risk vulnerabilities)||$600 to $1,500|
|P4 (Minor vulnerabilities)||$200 to $600|
In addition to monetary rewards, participants who demonstrate exceptional skills and significantly contribute to the improvement of BNB Chain’s security will be acknowledged in our Hall of Fame. This recognition is a testament to your expertise and dedication to enhancing the safety of the BNB Chain ecosystem.
How to Participate in the BNB Chain Bug Bounty Program
Participating in the BNB Chain Bug Bounty Program is simple.
1. Visit the Bounty Page.
Security researchers should submit their reports on our dedicated Bounty Page at https://bugbounty.bnbchain.org. This is where you will provide all the necessary details about the vulnerability you’ve discovered.
2. Submit a Detailed Report.
Your report should include:
- A clear, concise, and reproducible description of the vulnerability.
- Where applicable, the detailed steps to reproduce the issue.
- Information about the potential environment.
- Where applicable, a proof of concept.
- Relevant screenshots, log files, or other evidence.
To simplify things, we have created a reporting template for your convenience:
i. Chain: Specify the targeted chain (e.g., BNB Beacon Chain, BSC, opBNB, or Greenfield).
ii. Attack Scenario: Provide a detailed description of the attack or bug scenario, along with the unexpected or problematic behavior observed.
iii. Impact: Explain the potential effects of this issue in a live production setting.
iv. Components: Identify the affected files, functions, and/or specific line numbers where the bug appears.
v. Reproduction Steps: If you used any tools or simulations to discover the bug, thoroughly describe the method to recreate the problematic behavior.
vi. Suggested Fix: If applicable, include a description of a possible solution for the issue.
vii. Additional Details: Provide any other relevant information not covered in the sections above.
3. Please familiarize yourself with the BNB Chain Bug Bounty Program Rules here.
Help Secure BNB Chain
Join us in our mission to strengthen the security of the BNB Chain’s ecosystem. Your expertise is invaluable, and your contributions can make a significant impact.
Ready to claim your bounty? Submit your bug report today! Together, we can build a more secure and resilient BNB Chain.