Find bugs. Submit a report. Earn rewards.
We welcome Hedera community members to contribute to the Hedera network platform and services codebase, developer tools, and more by finding and submitting bugs and vulnerabilities. The entire ecosystem will benefit from the shared efforts in improving the robustness of Hedera’s software and security.
Explore Hedera’s network services and developer tools to discover bugs and vulnerabilities. We ask that you follow the rules of engagement while testing.
If you find a bug or vulnerability, report it with a description of your findings.
A member of the Hedera team will reach out for further information. Earnings are determined on a case-by-case basis. There is no cap on the amount of rewards you can earn.
When in doubt, read the Bug Bounty Policy or email us at [email protected].
You can do cross-account testing, but only access accounts that you own/control.
The mainnet is for production use and should not be used for testing.
Exposing a bug or vulnerability before Hedera is able to remediate could directly harm the Hedera network and the community, and will result in not receiving a reward for the bug's discovery.
This includes testing for vulnerabilities by impacting an account you do not own.
Social engineering, phishing, or physical attacks against Hedera employees, users, or the network infrastructure are not allowed.
If the provided report is not detailed enough to reproduce the issue, then the issue will not be eligible for a reward.
Unless you need to chain vulnerabilities to provide impact.
We only award the first report that was received (provided that it can be fully reproduced).
Only a single bounty will be rewarded for underlying issues causing multiple vulnerabilities.
Have a suggestion or feature request? The Hedera Improvement Proposal (HIP) program is the place to do it. HIPs can range from core protocol changes, to the applications, frameworks, and protocols built on top of the Hedera public network and used by the community. Get started by visiting the HIP repository.