Program Overview

The FIO bounty program, managed and funded by the Foundation, is focused on identifying issues and problems that can impact the entire ecosystem. These could include:

  • Loss of User Funds
  • Exposure of private information (keys, PII)
  • Incorrect or inconsistent query results

However, vulnerabilities that are already known are not considered as in-scope of the bounty program, as well as other things listed as out-of-scope in the relevant section below. Bounty hunters submit vulnerability reports at their own risk of being rejected as a known issue.

These pages provide more information about the program:

Content Summary
Scope for Bounties Provides guidelines as to in-scope and out-of-scope areas of investigation
Rules and Directions for Reporting Vulnerabilities Provides guidelines for Rules and Responsibilites, as well as directions for reporting vulnerabilities.
Bounty Rewards Provides an overview of the bounty rewards available for finding vulnerabilities in FIO protocol.
Frequently Asked Questions Provides a list of frequently asked questions and answers.