Bug Bounty

Find bugs. Get rewarded.

Help secure the BLINK network. Report vulnerabilities responsibly and earn rewards up to $500,000.

Security program

Community-powered security.

The BLINK Bug Bounty Program invites security researchers, developers, and white-hat hackers to identify and report vulnerabilities. We reward quality reports generously and handle every submission with confidentiality.

Bounty tiers

Rewards match impact.

Bounties are based on severity, quality of the report, and potential impact.

Low severity
$1,000 - $5,000

Minor issues with limited impact, such as informational findings or low-severity UI bugs.

Medium severity
$5,000 - $25,000

Issues that could affect individual users or degrade service quality.

High severity
$25,000 - $100,000

Significant vulnerabilities that could impact funds, consensus, or network integrity.

Critical severity
$100,000 - $500,000

Catastrophic vulnerabilities that could cause massive fund loss or network failure.

Scope

What is in scope.

We are interested in vulnerabilities across the entire BLINK stack. Out-of-scope reports include social engineering, physical attacks, and already-public issues.

Smart contracts

Token contracts, compliance modules, staking, and governance contracts.

Consensus

Validator logic, slashing conditions, and block production mechanisms.

Bridges

Cross-chain messaging, asset wrapping, and bridge relayers.

Compliance modules

KYC/AML flows, oracle attestations, and regulator dashboard.

Web infrastructure

Official websites, APIs, documentation, and front-end applications.

Rules

Play by the rules. Stay safe.

These guidelines protect researchers, users, and the network.

Responsible disclosure

Report vulnerabilities privately and give the team reasonable time to fix them.

No public disclosure

Do not disclose issues publicly until a fix is deployed and the report is approved.

First-come-first-served

The first complete, valid report for a given vulnerability receives the bounty.

No exploitation

Do not exploit vulnerabilities, attack mainnet, or harm users or data.

How to report

From report to payout.

A clear timeline so you know what to expect after submitting a vulnerability.

01

Submit report

Send a detailed report through the secure submission channel with reproduction steps.

02

Triage

The security team validates severity and scope within 5 business days.

03

Fix + retest

The team patches the issue and asks the reporter to verify the fix.

04

Payout

Once verified, the bounty is paid in BLINK or stablecoin within 30 days.

Hall of fame

Top security contributors.

Recognizing the researchers who have helped keep BLINK secure.

0xSecure

12 findings
Critical

ChainGuard

8 findings
High

NodeHunter

15 findings
Medium

BugWarden

6 findings
High

ZeroDayZ

10 findings
Critical

Start hunting.

Review the scope, follow the rules, and submit your first report today.