Crescendo
Bounty Program
Help Secure the Biggest Flow Upgrade Since Launch
What is in the scope of this bounty program?
This bug bounty program seeks exploitable weaknesses in smart contract code, transactions, or scripts that could destabilize the Flow network, such as crashing or significantly slowing down network nodes.
The goal is to safeguard the Cadence and EVM runtime environment from unauthorized control and protect the non-public state of accounts from privilege escalation. Your expertise could earn substantial rewards and contribute to a more secure Flow network!
The bounty program welcomes any bug reports that clearly demonstrate unintended behavior and significantly impact Flow builders or users.
Bounty Tiers
Where are potential bugs?
The Crescendo upgrade introduces major performance upgrades and full EVM equivalence. Here are the key areas that underwent significant changes, and potential bugs that could arise.
What is outside the scope of this program?
All vulnerabilities must be reported in accordance with the Flow Responsible Disclosure Process.
For a list of Flow protocol and web application exclusions (i.e. non-qualifying vulnerabilities), refer to the Flow Responsible Disclosure.
Start building on Flow
Developer-friendly layer 1 blockchain with EVM equivalence enabling seamless user experiences, secure assets, and low fees.