Mysten Labs Bug Bounty Program
up to $30,000
up to ~73,000 SUI
Hard, Low Risks
Mysten Labs is thrilled to announce the launch of the Mysten Labs Bug Bounty Program, an initiative that empowers the global builder community to help fortify its products against potential security threats.
Mysten Labs has always placed its customers' security at the forefront of its priorities. By inviting skilled white hat hackers and cybersecurity professionals to uncover vulnerabilities in its products and innovations, the project aims to foster a safer digital ecosystem while rewarding their invaluable contributions.
Objectives and Scope
If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issue in any of the assets within the scope laid out below, Mysten Labs wants to hear from you. This policy outlines steps for reporting vulnerabilities, what Mysten Labs expects, and what you can expect from Mysten Labs.
The Mysten Labs Bug Bounty Program focuses on Mysten products and innovations, and currently includes any bugs related to Sui Wallet.
To submit a suspected vulnerability, email [email protected] with the following details:
- Detailed steps to reproduce the bug
- The potential impact of the bug
- Any potential fixes
Submission requirements may be updated from time to time. Please make sure to review the Mysten Labs Bug Bounty Program page for up-to-date information.
Please note that the Mysten Labs Bug Bounty Program is separate from the Sui Bug Bounty Program, which focuses on vulnerabilities and security issues specifically within the Sui blockchain and encompasses aspects such as liveliness, integrity, and all components that make Sui run.
Rules and Rewards
The size of the reward will vary based on the severity of the reported vulnerabilities, with the opportunity to earn up to $30,000 per report (rewards will be paid in SUI; US persons will be paid in USD).
- Responsible Disclosure: If you find a security vulnerability, please submit it to the team privately (using the instructions below) before making it public. Rewards will not be awarded if a vulnerability is publicly disclosed first.
- No Disruption: Researchers should not disrupt Mysten Labs services and should minimize the impact of their testing on Mysten Labs users and systems.
- No Harm: Researchers must not exploit any vulnerability to access, modify, harm, or leak data that does not belong to them.
- Avoid Compromising Privacy: Testing should not compromise the privacy of any individual or entity.
Reward payouts will be processed following Mysten Labs KYC (Know Your Customer) procedures. Everyone who is eligible for a reward must pass the KYC process. For more details, see the Bug Bounty Program page.
Mysten Labs welcomes feedback from security researchers and the general public to help improve its security.
from 12 Oct 2023 06:00(UTC+3)