Crescendo is coming to Flow! Flow supercharges the Ethereum ecosystem with full EVM-equivalency and the power of Cadence 1.0.

Bounty Program

Introducing the Crescendo Bounty Program: Celebrating Two Years of Innovation and Launching the Preview Release Bug Bounty!

What is in scope of this bug bounty?

We're seeking any exploitable weaknesses in smart contract code, transactions, or scripts that could destabilize the Flow network, such as crashing or significantly slowing down network nodes.

Help us safeguard the Cadence & EVM runtime environment from unauthorized control and protect the non-public state of accounts from privilege escalation. Your expertise could earn you substantial rewards and contribute to a more secure Flow network!

We welcome any bug reports that clearly demonstrate unintended behavior and significantly impact Flow dApp builders or users.

Bounty Tiers

Severity: Critical
Severity: High
Severity: Medium
Severity: Low

Since we are still auditing the preview release, please note that bounty rewards will be reduced to 50%.

Key Areas of Change and Potential Bugs

Here are the main areas that underwent significant changes and may contain edge cases or bugs. Help us perfect the Flow network and earn rewards!

1. Cadence Language

2. Cadence contract update mechanism

3. Cadence & EVM runtime environment

4. General privilege elevation / escalation / unauthorized access

5. EVM Gateway

6. On-chain data

Where can you test?

Testing of the Crescendo preview release can be performed in the Crescendo migration environment. All vulnerabilities must be reported in accordance with the  Flow Responsible Disclosure Process.

What is outside of scope of this bug bounty?

Please refer to the Flow Protocol and Web Application exclusions listed in the Flow Responsible Disclosure.