Product

Earn with DeFi

Support

Company

Braavos Wallet Bug Bounty Program

The Braavos Bug Bounty Program invites security researchers and ethical hackers to enhance the security of our crypto wallet. Join us in safeguarding user funds and building a more secure blockchain experience on Starknet.
Braavos Nation
• Nov 4, 2024
2 min read
Braavos Wallet Bug Bounty Program


We invite security researchers and white-hat hackers to help us maintain the highest levels of security for our users. Braavos Wallet Bounty Program program is designed to reward those who identify bugs and other security vulnerabilities in our wallet, with the primary goal being the safety of user funds.


Vulnerability Severity Levels:

CRITICAL: Vulnerabilities that are highly likely to be exploited and can cause severe impact, such as the loss of significant funds. This includes exploits that allow attackers to gain access to wallets or manipulate transactions. Rewards for critical issues range from $10,000 to $20,000.

 

HIGH: Exploits with a high likelihood that can result in substantial financial losses under specific conditions, like attackers draining wallets. These vulnerabilities are rewarded with $1,000 to $10,000.

 

MEDIUM: Issues with a moderate likelihood, compromising user privacy or leaking sensitive data, such as personal information or transaction history, but not directly involving financial loss. Rewards range from $100 to $1,000.

 

LOW: Vulnerabilities with low likelihood or impact that do not compromise security or privacy, but may cause minor usability or interface issues. Rewards for these issues are $10 to $100.

 

Exclusions:

We do not pay for:

  •  basic website scan results or general findings that do not directly impact the security of user wallets, transactions, or personal information.
  • Attacks which require physical access to the device, or attacks based on a compromised device
  • ‘Best practice’ guidelines without a concrete attack

 

How to Submit:

To submit a vulnerability, please email to bounty@braavos.app the following required details:

 

  1. **Name** (required)
  2. **Email** (required)
  3. **Proof of Concept (PoC) Link**: This can be a screenshot, video, link to a site, or a Gist that demonstrates the issue.
  4. **Description**: A detailed explanation of the issue.
  5. **Steps to Reproduce**: Instructions on how to replicate the issue.
  6. **Expected Impact**: How this vulnerability could impact users or the platform.

 

We look forward to working with the security community to ensure our wallet remains secure and trusted.

 

Payout:

The severity level of the issue and the corresponding payout amount will be determined by Braavos, based on internal assessment.

Payments will be processed only after a valid invoice is submitted by the bounty submitter.

All payments will be made in USDC on the Starknet blockchain.

 

Braavos on Starknet

Braavos on Starknet

Be The First To Know

Subscribe now and receive monthly updates and interesting news about Braavos and Starknet ecosystem.