Filecoin Bug Bounty Program
Filecoin Foundation is committed to the integrity and security of the Filecoin network. The Bug Bounty program rewards security researchers who help protect and strengthen the Filecoin protocol. Earn up to $150,000 (paid in USD and USDC) for reporting a qualifying critical vulnerability.
Since launch, we have collaborated with over 100 researchers and awarded more than $600,000 in bounties –– highlighting the vital role of community contributors in enhancing Filecoin’s resilience.
View Leaderboard
How to Participate
- 1
Submit a Report
Report security vulnerabilities through our secure portal. The Filecoin Foundation security team will review your submission for accuracy and severity.
- 2
Earn Bounty & Points
Valid in-scope reports earn bounty payouts and Bounty Points. Valid out-of-scope reports can earn Reputation Points for meaningful contributions.
- 3
Get Recognized
Climb the leaderboard, earn exclusive Filecoin swag, and gain recognition in the community.
How Points Are Calculated
We reward more than just payouts – we recognize meaningful contributirons that enhance security across the Filecoin nework. Your total score is a combination of two components: Bounty Points and Reputation Points.
Bounty Points
Earned for valid, in-scope reports, Bounty Points are calculated by dividing the bounty amount (in USD) by 100. A bounty of $1,000 = 10 Bounty Points.
Reputation Points
Earned for valid, out-of-scope reports, Reputation Points are based on the severity level: 5 points for low severity, 20 points for medium severity, 50 points for high severity, and 100 points for critical severity.
Top Security Researchers
Coordinated Disclosure Policy
We believe in responsible, coordinated vulnerability disclosure. By working together with the security community, we can resolve issues quickly and safeguard the Filecoin ecosystem.
Before submitting a report, please review our disclosure guidelines to understand expectations around timelines, confidentiality, and communication, and the Filecoin Foundation privacy policy.

Explore the Program
For complete details of the Filecoin Bug Bounty program, visit Immunefi.