
Chia’s Bug Bounty Program Has Launched with Bugcrowd


We are excited to announce that today our new Bug Bounty program has gone live with the support of Bugcrowd!

This program is initially rolling out to a curated list of select security researchers managed by Bugcrowd while we iron out any kinks and get the program up to full speed. After that, Bugcrowd will be inviting more researchers to the program in waves over the next few weeks, with the goal of opening up the Bounty program to their entire network of millions of security researchers before the end of the year.

To start, we worked with Bugcrowd to set our bounties at values they recommended as the most practical for our needs, based on their experience with the other projects they manage. As time goes on, if we feel these results do not meet the needs and expectations of the security researcher community, we will revise them.

Here are the current ranges as of this writing:

  • P5/Info – $0
  • P4/Low – $200-$400
  • P3/Moderate – $600-$850
  • P2/Severe – $1500-$1750
  • P1/Critical – $5,000 – anything+

On the critical P1s, while the range starts at the 5k mark, ultimately it depends on the scope of what is found.

The scales themselves are what was advised to us by Bugcrowd, based on the few thousand programs they currently manage when compared against our needs and specifics. As time goes on (part of this slow ramp-up phase) we will adjust them if needed, based on feedback from the security researchers submitting issues and our account managers at Bugcrowd. As to what classification an issue goes into, that is determined by an industry-standard matrix Bugcrowd uses called the VRT (Vulnerability Rating Taxonomy).

If you are a security researcher who is passionate about blockchain technology and the work we do here at Chia, we encourage you to sign up and join their community (assuming you aren’t already part of it!) and join in as soon as you are able in one of their waves. It’s not often I am excited about spending large sums of money, but paying out security researchers for quality findings is definitely one of those reasons!

(When the time comes that we’re able to fully open the program to all members of the Bugcrowd platform at large, we’ll be sure to update everyone again at that time!)
