Program stats

2 vulnerabilities rewarded

2 days average response time

$600 average payout (last 12 weeks)

Latest hall of famers

Recently joined this program

Disclosure

Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

Dash is an experimental new digital currency that enables anonymous, instant payments to anyone, anywhere in the world. Dash uses peer-to-peer technology to operate with no central authority: managing transactions and issuing money are carried out collectively by the network.

This program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings.

Targets

Dash Core is the name of the open source software which enables the use of this currency and is the primary target of this bug bounty program located at https://github.com/dashpay/dash

In the coming months, the Dash Core Team will be launching components of a major update to Dash called Evolution. For the development roadmap, see https://github.com/dashpay/dash-roadmap/blob/master/README.md

Rewards:

Priority           Reward
P1 $5,000 - $10,000
P2 $1,000 - $5,000
P3 $500 - $1000
P4 $100 - $500

.

Access

There is a Dash testnet created specifically for software testing. Unlike mainnet, the DASH that exists on testnet has no real value, and since it's an entirely separate network, there is no risk to using the new and experimental software. The Dash team invites anybody who is interested to download the software and become active on testnet.

For more in the Dash testnet, visit:
https://dashpay.atlassian.net/wiki/display/DOC/What+is+TestNet and https://www.dash.org/forum/threads/testnet-tools-resources.1768/

Focus Areas

At this time focus should be placed on the version 12.2 branch of Dash Core: https://github.com/dashpay/dash/tree/v0.12.2.x

Out-of-Scope

Any issues that have been reported will be out-of-scope: https://github.com/dashpay/dash/issues
https://www.dash.org

Rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for Informational (P5) findings. Learn more about Bugcrowd’s VRT.