Mysten Labs Bug Bounty Program - DropsEarn
Home Active Mysten Labs Bug Bounty Program
Mysten Labs Bug Bounty Program

Mysten Labs Bug Bounty Program

Add to Watchlist

Added to Watchlist

Reward pool

Not set

SUI

Expected profit

up to $30,000

up to ~73,000 SUI

Max participants

No limit

DropsEarn score

Neutral

Hard, Low Risks

Details

Mysten Labs is thrilled to announce the launch of the Mysten Labs Bug Bounty Program, an initiative that empowers the global builder community to help fortify its products against potential security threats.

Mysten Labs always placed its customers' security at the forefront of priorities – by inviting skilled white hat hackers and cybersecurity professionals to uncover vulnerabilities in its products and innovations, the project aims to foster a safer digital ecosystem while rewarding their invaluable contributions.

Objectives and Scope

If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issue in any of the assets within the scope laid out below, Mysten Labs wants to hear from you. This policy outlines steps for reporting vulnerabilities, what Mysten Labs expect, and what you can expect from Mysten Labs.

The Mysten Labs Bug Bounty Program focuses on Mysten products and innovations, and currently includes any bugs related to Sui Wallet.

To submit a suspected vulnerability, email [email protected] with the following details:

  1. Detailed steps to reproduce the bug
  2. The potential impact of the bug
  3. Any potential fixes

Submissions requirements may be updated from time to time. Please make sure to review the Mysten Labs Bug Bounty Program page for up-to-date information.

Please note that the Mysten Labs Bug Bounty Program is separate from the Sui Bug Bounty Program, which focuses on vulnerabilities and security issues specifically within the Sui blockchain and encompasses aspects such as liveliness, integrity, and all components that make Sui run.

Rules and Rewards

The size of the reward will vary based on the severity of the reported vulnerabilities, with the opportunity to earn up to $30,000 per report (rewards will be paid in SUI; US persons will be paid in USD).

  1. Responsible Disclosure: If you find a security vulnerability, please submit it to the team privately (using the instructions below) before making it public. Rewards will not be awarded if a vulnerability is publicly disclosed first.
  2. No Disruption: Researchers should not disrupt Mysten Labs services and should minimize the impact of their testing on Mysten Labs users and systems.
  3. No Harm: Researchers must not exploit any vulnerability to access, modify, harm, or leak data that does not belong to them.
  4. Avoid Compromising Privacy: Testing should not compromise the privacy of any individual or entity.

Reward payouts will be processed following Mysten Labs KYC (Know Your Customer) procedures. Everyone that is eligible for a reward must pass the KYC process. For more details, see the Bug Bounty Program page.

Links

About

Mysten Labs welcomes feedback from security researchers and the general public to help improve its security. If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issue in any of the assets within the scope laid out below, Mysten Labs wants to hear from you.

Activity Type

Testing

Bug bounty

Development

Date

from 12 Oct 2023 06:00(UTC+3)

Registration

Open

When Reward:

None

Event Status

You can participate(Event started, Registration open)