We welcome Hedera community members to contribute to the Hedera network platform and services codebase, developer tools, and more by finding and submitting bugs and vulnerabilities. The entire ecosystem will benefit from the shared efforts in improving the robustness of Hedera’s software and security.
Explore Hedera’s network services and developer tools to discover bugs and vulnerabilities. We ask that you follow the rules of engagement while testing.
If you find a bug or vulnerability, then send an email to security@hedera.com with a description of your findings.
A member of the Hedera team will reach out for further information. Earnings are determined on a case-by-case basis. There is no cap on the number of hbars you can earn.
When in doubt, email us at security@hedera.com.
That is to say that you can do cross-account testing, but only use accounts that you own/control.
The mainnet is for production use and should not be used for testing.
Do not perform any attack that could harm the reliability/integrity of Hedera services or data.
Exposing a vulnerability before Hedera is able to remediate could directly harm Hedera and the community, and will result in not receiving compensation for the bug's discovery.
This includes testing for vulnerabilities by impacting an account you do not own.
Such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
Have a suggestion or feature request? The Hedera Improvement Proposal (HIP) program is the place to do it. HIPs can range from core protocol changes, to the applications, frameworks, and protocols built on top of the Hedera public network and used by the community. Get started by visiting the HIP repository.
