โ† All Bounties
StarkNet logo

StarkNet

Permissionless decentralized ZK-Rollup operating as an L2 network over Ethereum

ETHLayer 2KYC RequiredPoC Required
Verified ProgramKYC RequiredPoC Required
Max Bounty$1,000,000
Min Bounty$1,000
PayoutUSDC
Findings0
Accepted0
Chains1
Live SinceOct 2022

01Severity & Rewards

02Program Rules

  1. 01Proof of Concept is required for all submissions. Reports without a working PoC demonstrating the vulnerability will not be considered.
  2. 02KYC verification is required before bounty payout. Researchers must complete identity verification to receive rewards.
  3. 03Only previously unreported vulnerabilities are eligible. Duplicate submissions will be closed.
  4. 04Vulnerabilities must be reported through the WhiteClaws platform. Public disclosure before resolution disqualifies the submission.
  5. 05Testing must not disrupt live protocol operations. Use mainnet forks or testnets for Proof of Concept execution.
  6. 06For Critical severity findings, the security team may arrange direct communication for expedited resolution.

โœ“ IN SCOPE

  • โ—StarkNet core contract on L1
  • โ—StarkNet bridge contracts
  • โ—STARK verifier
  • โ—State update mechanism
CRITICAL FUNCTIONS
updateState()deposit()withdraw()
HIGH FUNCTIONS
verifyProof()registerAppGovernor()setOperator()

โœ• OUT OF SCOPE

  • โ—Frontend explorer
  • โ—Off-chain sequencer
  • โ—Cairo language compiler

โ˜…Protocol Information

Bounty program indexed and verified by WhiteClawsProgram data sourced from on-chain analysis and public bounty disclosures.