Iron Fish Bug Bounty on HackerOne

Elena Nadolinski

CEO & Founder @ Iron Fish

Updated 11/29/2023: The HackerOne bug bounty program is no longer active. We will be replacing it with another program soon.

We’ve always deeply cared about security. In fact, Iron Fish has had one of the longest running testnet phases out of any L1 project. Now that Iron Fish is fully mainnet launched, we want to continue incentivizing users to find bugs and properly report them, which is why we launched the Iron Fish Bug Bounty Program hosted by HackerOne. HackerOne is one of the oldest, longest standing, and most reputable platforms for white hackers to find and report bugs in an ethical and safe way.

The first Iron Fish Bug Bounty is now live on HackerOne with various payouts based on the severity of the bug report. If you find a bug that you believe is critical, please do not disclose it publicly, but instead use the bug bounty program.

Building privacy for crypto is hard, and it is through you—our community—that we can advance Iron Fish forward and ensure the integrity and safety of the network and future upgrades.

Program Overview 

The Iron Fish Bug Bounty program has four tiers corresponding to the severity of the vulnerability disclosed:

🟡 Low$1,000
🟠 Medium$2,500
🟣 High$5,000
🔴 Critical$10,000

We are specifically looking for vulnerabilities in the protocol or core Iron Fish implementation that would result in consequences such as hard forks, privacy leaks and supply manipulation of any sort. CPU, Memory, Disk, or other resource attacks are under consideration but not yet in scope. For more information on conditions and exceptions visit the program’s scope specifications.

When submitting a bug, make sure:

  • It is included in the scope of the program.
  • It is an unreported vulnerability.
  • The report contains enough information to verify and fix the vulnerability.
  • The report follows HackerOne’s disclosure guidelines.

The Importance of a Bug Bounty for Iron Fish 

Infrastructure is where security matters most. As a foundational network for financial privacy, Iron Fish is relying on help from the community to make sure that its solutions are robust and battle-tested.

To get started, first download the source code for Iron Fish and follow the instructions to get a local build. If you find a bug, submit a report on HackerOne after creating an account.

Thank you everyone for keeping Iron Fish safe!

Join the Iron Fish community 🏃🐟 

Elena Nadolinski

CEO & Founder @ Iron Fish

Elena is the Founder and CEO of Iron Fish — previously worked at Airbnb, Tilt, and Microsoft. Fell down the cryptocurrency rabbit hole in 2017. Really didn't want her insurance to know she eats pizza.

Join our newsletter and stay up to date with privacy and crypto.

Discover our impactful presence — read our blog.


  • FAQ
  • Whitepaper
  • Tokenomics


  • Get Started
  • Node App
  • Mine
  • Block Explorer
  • Ecosystem


  • Documentation
  • Github


  • Foundation
  • Governance
  • Grants
  • Our Community


  • About Us
  • Media Kit
  • Contact Us
Privacy Policy


Copyright 2024 Iron Fish.