Verifiable timestamps and ordering of events.
Explore Hedera’s network services and developer tools to discover bugs and vulnerabilities. We ask that you follow the rules of engagement while testing.
If you find a bug or vulnerability, then send an email to [email protected] with a description of your findings.
A member of the Hedera team will reach out for further information. Earnings are determined on a case-by-case basis. There is no cap on the number of hbars you can earn.
When in doubt, email us at [email protected].
That is to say that you can do cross-account testing, but only use accounts that you own/control.
The mainnet is for production use and should not be used for testing.
Do not perform any attack that could harm the reliability/integrity of Hedera services or data.
Exposing a vulnerability before Hedera is able to remediate could directly harm Hedera and the community, and will result in not receiving compensation for the bug's discovery.
This includes testing for vulnerabilities by impacting an account you do not own.
Such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.