Back to Requests
Opened March 15, 2019

Help us find bugs and get paid

10 ZEC bounty

With the initial launch of ZF Grants, we're looking for help identifying bugs on the road to mainnet launch.

The Zcash Foundation and team are asking the community to help us test out the new Grants system, and find any critical issues before an upcoming mainnet launch.

For non-critical bugs, please use our GitHub issue queue to lodge bug reports.

For critical bugs, please review our Responsible Disclosure Policy. Critical bug disclosures that follow our Responsible Disclosure Policy will be eligible for a $500 reward (paid out in USD, not testnet coins). Because we don't currently have a document detailing bug scope, please use your best judgement when disclosing critical vulnerabilities, and err on the side of caution. Some examples that include but are not limited to what we would consider critical bugs are:

  • Manipulating the display of addresses to steal user funds
  • Gaining access to private user data
  • Circumventing authentication to impersonate a user or gain access to administrative functions
  • Causing service disruptions (DDOS or other spam attacks notwithstanding)
  • Cross site scripting injections

Bug bounties will be paid out by the team, and will require relevant tax documents and associated compliance procedures.

  • Accepted proposals will be funded up to 10 ZEC
  • Proposal submissions end April 5, 2019