Dash Logo
  • English
  • Deutsch
  • Ελληνικά
  • Español
  • Filipino
  • Français
  • Italiano
  • Nederlands
  • Polski
  • Português
  • Русский
  • Türkçe
  • Українська
  • 简体中文
  • 繁體中文
  • 한국어
  • 日本語
  • ไทย
  • العربية
  • فارسی
Get Started

Tools for users and shops

Home
Individuals
Businesses
Downloads
Buy Online
Where to Spend
New Merchant Kit
Institutions

Links, information and data

Institutions
Traders
Financial Services
Regulatory
FastPass
Developers

Lead the next-gen currency

Developers
Platform
Documentation
Contributing
Providers and Tools
Roadmap
Community

Connect, learn and create

Community
Bug Bounty Program
Learning Resources
Connect With Us
Masternodes
Mining
News
Blog
  • English
  • Deutsch
  • Ελληνικά
  • Español
  • Filipino
  • Français
  • Italiano
  • Nederlands
  • Polski
  • Português
  • Русский
  • Türkçe
  • Українська
  • 简体中文
  • 繁體中文
  • 한국어
  • 日本語
  • ไทย
  • العربية
  • فارسی

Bug Bounty Program

The Dash Core Group Bug Bounty Program allows developers to discover and resolve bugs before the general public is aware of such bugs, preventing incidents of widespread abuse. If you find a security vulnerability on any of the in-scope products mentioned below, please let us know right away by reporting it.

  • Mainnet
  • Dash Core Desktop Wallet
  • Dash Wallet Android
  • Dash Wallet iOS
Report a Bug PGP Key

Responsible Disclosure

As this is a private program, please do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization.  If you prefer to submit via an encrypted email you can download the key above and email the details to [email protected]

Eligibility Requirements for Individuals

  • You cannot have any contractual engagement with DCG
  • You cannot have any contractual engagement with the DIF
  • You cannot be an active Trust Protector
  • You cannot receive a bounty from the incubator for the same bug
  • You must provide basic KYC information (passport, local ID, etc.)
  • Recipients must provide a USD bank account or a Dash address at a major exchange
  • Residents / Citizens of OFAC restricted countries can report bugs but will not be eligible for a payout

Bounty Rewards

The goal of the DCG Bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of our users. Vulnerability submissions must meet certain criteria to be eligible for bounty rewards. Bounty rewards are based on a combination of priority and severity.

  • Level 1 (60 Points) = $5,000
  • Level 2 (50 Points) = $2,000
  • Level 3 (40 Points) = $750
  • Level 4 (30 Points) = $200
  • Level 5 (20 Points) = $50
Learn more
Priority
(High)
Priority
(Medium)
Priority
(Low)
Severity
(High)
60 points
50 points
40 points
Reward
$5,000
$2,000
$750
Severity
(Medium)
50 points
40 points
30 points
Reward
$2,000
$750
$200
Severity
(Low)
40 points
30 points
20 points
Reward
$750
$200
$50

ELIGIBLE

  • Identify a vulnerability that was not previously reported to, or otherwise known by, DCG
  • Such vulnerability must be reproducible in one of the in-scope products by DCG
  • Include clear, concise, and reproducible steps, either in writing or in video format
    • Provide our engineers the information necessary to quickly reproduce, understand, and fix the issue

INELIGIBLE

  • Vulnerabilities that require root/jailbreak access to exploit unless the root/jailbreak is initiated by the attacker after gaining physical access to the device
  • Third-party libraries that are not owned by DCG
High severity image

Severity High

30 Points Could cause a loss of funds
Without a device access

Private key exposure, recovery phrase exposure, pin code attack/bypass

Medium severity image

Severity Medium

20 Points Prevents the use or receipt of funds
Without a device access

Cannot sync with the chain, persistent error when trying to send Dash, cannot receive a transaction that was successfully submitted to the network

Breach of privacy
With device access

Private key exposure, recovery phrase exposure, pin code attack/bypass, balance or transaction visibility without the required authentication

Low severity image

Severity Low

10 Points

Wallet balance and transactions
With device access Incorrect balance, incomplete transaction history that is reproducible, cannot recover a valid wallet


 

Low priority image

Priority High

30 Points Very likely to occur, can occur on every device model and in any localization with the latest OS version, does not require the installation of additional software on the device

Medium priority image

Priority Medium

20 Points Moderate likelihood to occur, can only occur on specific device models in any localization with any supported OS version or can occur on every device model in a specific localization with any supported OS version

Low priority image

Priority Low

10 Points Low likelihood of occurring, can occur on a specific device model or a specific localization with a specific OS version

Bounty Payments

  • Awards will be paid in Dash based on the current USD price at the date/time of the original submission
    • Dash amounts are based on the volume-weighted average USD price published at messari.io
  • Payouts will not cover any banking/transfer fees
  • DCG will make any final decisions regarding severity and priority scoring
Join in the discussion
Be social
Dash Logo

Instant transactions and micro-fees. Any amount, anytime, anywhere.

Home

Individuals Businesses Downloads Buy Online Where to Spend New Merchant Kit

Institutions

Traders Financial Services Regulatory FastPass

Developers

Platform Documentation Contributing Providers and Tools Roadmap

Community

Bug Bounty Program Learning Resources Connect With Us Masternodes Mining News Blog
FAQ Team Jobs Contact Brand Guidelines On-chain Metrics Find an ATM Block Explorer

Subscribe to our
Newsletter

Subscription Type *
Success! Thank you for signing up for our newsletter.


We have a full service support desk with humans on call, plus extensive learning resources, tools and wikis. Get Support
Trustpilot
Terms of Use | Privacy Statement
This website uses cookies to improve your experience. Got it! Learn more
Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
SAVE & ACCEPT
66647