Filecoin Bug Bounty Program

Filecoin Foundation is committed to the integrity and security of the Filecoin network. The Bug Bounty program rewards security researchers who help protect and strengthen the Filecoin protocol. Earn up to $150,000 (paid in USD and USDC) for reporting a qualifying critical vulnerability.

Since launch, we have collaborated with over 100 researchers and awarded more than $600,000 in bounties, highlighting the vital role of community contributors in enhancing Filecoin’s resilience.

How It Works

How to Participate

  1. Submit a Report

     Report security vulnerabilities through our secure portal. The Filecoin Foundation security team will review your submission for accuracy and severity.

  2. Earn Bounty & Points

     Valid in-scope reports earn bounty payouts and Bounty Points. Valid out-of-scope reports can earn Reputation Points for meaningful contributions.

  3. Get Recognized

     Climb the leaderboard, earn exclusive Filecoin swag, and gain recognition in the community.

Points System

How Points Are Calculated

We reward more than just payouts – we recognize meaningful contributions that enhance security across the Filecoin network. Your total score is a combination of two components: Bounty Points and Reputation Points.

Bounty Points

Earned for valid, in-scope reports, Bounty Points are calculated by dividing the bounty amount (in USD) by 100. A bounty of $1,000 = 10 Bounty Points.

Reputation Points

Earned for valid, out-of-scope reports, Reputation Points are based on the severity level: 5 points for low severity, 20 points for medium severity, 50 points for high severity, and 100 points for critical severity.

Leaderboard

Top Security Researchers

#   Reporter          Total Points
1   Marten Seemann    140,375
2   Porpoise7950      135,375
3   zhaogf            22,737
4   MajorExcitement   15,625
5   0xdeadbeef        15,000

Disclosure Guidelines

Coordinated Disclosure Policy

We believe in responsible, coordinated vulnerability disclosure. By working together with the security community, we can resolve issues quickly and safeguard the Filecoin ecosystem.

Before submitting a report, please review our disclosure guidelines, which set expectations around timelines, confidentiality, and communication, as well as the Filecoin Foundation privacy policy.

Explore the Program

For complete details of the Filecoin Bug Bounty program, visit Immunefi.