Crescendo
Bounty Program
Introducing the Crescendo Bounty Program: Celebrating Two Years of Innovation and Launching the Preview Release Bug Bounty!
What is in scope of this bug bounty?
We're seeking any exploitable weaknesses in smart contract code, transactions, or scripts that could destabilize the Flow network, such as crashing or significantly slowing down network nodes.
Help us safeguard the Cadence & EVM runtime environment from unauthorized control and protect the non-public state of accounts from privilege escalation. Your expertise could earn you substantial rewards and contribute to a more secure Flow network!
We welcome any bug reports that clearly demonstrate unintended behavior and significantly impact Flow dApp builders or users.
Bounty Tiers
Since we are still auditing the preview release, please note that bounty rewards will be reduced to 50%.
Key Areas of Change and Potential Bugs
Here are the main areas that underwent significant changes and may contain edge cases or bugs. Help us perfect the Flow network and earn rewards!
Where can you test?
Testing of the Crescendo preview release can be performed in the Crescendo migration environment. All vulnerabilities must be reported in accordance with the Flow Responsible Disclosure Process.
What is outside of scope of this bug bounty?
Please refer to the Flow Protocol and Web Application exclusions listed in the Flow Responsible Disclosure.
Start building on Flow
Developer-friendly layer 1 blockchain with EVM equivalence enabling seamless user experiences, secure assets, and low fees.