Iron Fish Bug Bounty on HackerOne
Elena Nadolinski
CEO & Founder @ Iron Fish
Updated 11/29/2023: The HackerOne bug bounty program is no longer active. We will be replacing it with another program soon.
We’ve always deeply cared about security. In fact, Iron Fish has had one of the longest running testnet phases out of any L1 project. Now that Iron Fish is fully mainnet launched, we want to continue incentivizing users to find bugs and properly report them, which is why we launched the Iron Fish Bug Bounty Program hosted by HackerOne. HackerOne is one of the oldest, longest standing, and most reputable platforms for white hackers to find and report bugs in an ethical and safe way.
The first Iron Fish Bug Bounty is now live on HackerOne with various payouts based on the severity of the bug report. If you find a bug that you believe is critical, please do not disclose it publicly, but instead use the bug bounty program.
Building privacy for crypto is hard, and it is through you—our community—that we can advance Iron Fish forward and ensure the integrity and safety of the network and future upgrades.
Program Overview
The Iron Fish Bug Bounty program has four tiers corresponding to the severity of the vulnerability disclosed:
| 🟡 Low | $1,000 |
|---|---|
| 🟠 Medium | $2,500 |
| 🟣 High | $5,000 |
| 🔴 Critical | $10,000 |
We are specifically looking for vulnerabilities in the protocol or core Iron Fish implementation that would result in consequences such as hard forks, privacy leaks and supply manipulation of any sort. CPU, Memory, Disk, or other resource attacks are under consideration but not yet in scope. For more information on conditions and exceptions visit the program’s scope specifications.
When submitting a bug, make sure:
- It is included in the scope of the program.
- It is an unreported vulnerability.
- The report contains enough information to verify and fix the vulnerability.
- The report follows HackerOne’s disclosure guidelines.
The Importance of a Bug Bounty for Iron Fish
Infrastructure is where security matters most. As a foundational network for financial privacy, Iron Fish is relying on help from the community to make sure that its solutions are robust and battle-tested.
To get started, first download the source code for Iron Fish and follow the instructions to get a local build. If you find a bug, submit a report on HackerOne after creating an account.
Thank you everyone for keeping Iron Fish safe!
Join the Iron Fish community 🏃🐟
Elena Nadolinski
CEO & Founder @ Iron Fish
Elena is the Founder and CEO of Iron Fish — previously worked at Airbnb, Tilt, and Microsoft. Fell down the cryptocurrency rabbit hole in 2017. Really didn't want her insurance to know she eats pizza.