On May 31, 2018, day of the TRON's mainnet launch, TRON DAO launched TRON Bug Bounty Program with a total reward of $10 million.
It is aimed at discovering potential technical vulnerabilities in the mainnet with the help of TRON’s community members, especially those who specialize in global network security, to sustain TRON mainnet as the most secure public blockchain in the industry and to provide secure and stable infrastructure and services to DApps deployed on the mainnet. We take the security of TRON mainnet very seriously. If you have made an important discovery of potential bugs, please contact us and join the TRON Bug Bounty Program as soon as possible and we will surely offer generous rewards!
Bug Bounty begins on May 31, 2018.
We will give our feedback on the bug reports and update developers on our progress.
Before the bug is successfully fixed, please do not disclose any detail on the bug to anyone other than TRON DAO.
We welcome developers to join our official Slack community after making the bug report for follow-up communication on bug fix.
Please do not maliciously leak or tamper with account information.
Please do not perform any malicious attack which could damage the reliability or integrity of our service or data.
You can look for potential bugs in the following code repositories:java-tron
Also, please note that we have limited the scope of eligible bugs, meaning that only bugs fulfilling the following requirements can earn rewards.
Fatal bugs for USD$100,000 and up: bugs which can take control of java-tron nodes by remote execution of any code.
Fatal bugs for USD$50,000 and up: bugs which can lead to private key leakage.
Advanced bugs for USD$10,000 and up: bugs which can incur Denial of Service (DoS) in java-tron through P2P network.
Advanced bugs for USD$10,000 and up: bugs which can incur Denial of Service (DoS) in java-tron through RPC-API.
Intermediate bugs for USD$6,000 and up: bugs which can incur Denial of Service (DoS) in java-tron through TRON Protocol.
Intermediate bugs for USD$6,000 and up: bugs allowing unauthorized operations on user accounts.
To get involved in TRON Bug Bounty Program, please visit https://hackerone.com/tronfoundation
1. All rights of interpretation of the Bug Bounty are reserved to TRON.
2. TRON DAO decides whether to reward and how much will be rewarded.
3. Any individual or team participant should not violate any laws and regulations during testing.