Bug Bounties

Hedera Hashgraph

Powered by: 

Allows bounty splitting: 

Average time to first program response: 7

Average time to bounty awarded null: 279

Average time to report resolved: 617

Handle hedera-hashgraph

Managed program: true

Name: Hedera Hashgraph

Offers bounties: true

Offers swag: true

Response efficiency percentage: 96

Submission state: open

Url: https://hackerone.com/hedera-hashgraph

Website: https://www.hedera.com

In scope:

  • Asset identifier: Hedera Go SDK
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://github.com/hashgraph/hedera-sdk-go The Hedera Go SDK provides services for interacting with Hedera Hashgraph.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Hedera Java SDK
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://github.com/hashgraph/hedera-sdk-java The Hedera Java SDK provides services for interacting with Hedera Hashgraph.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Hedera Javascript SDK
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction:  https://github.com/hashgraph/hedera-sdk-js The Hedera Javascript SDK provides services for interacting with Hedera Hashgraph.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Hedera Mirror Node Codebase
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://github.com/hashgraph/hedera-mirror-node Hedera Mirror Nodes receive information from the Hedera nodes and can provide value-added services such as APIs, auditing, analytics, visibility services, security threat modeling, data monetization services, etc.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Hedera Network Services Codebase
  • Asset type: SOURCE_CODE
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://github.com/hashgraph/hedera-services Services run by Hedera consensus nodes. Testing for the purposes of bug bounties is best replicated using Local Nodes.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Hedera Testnet API Endpoints
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: nodes: https://docs.hedera.com/guides/testnet/testnet-nodes Testnet nodes belong to the test network and run the same code as the Hedera Mainnet nodes.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Testnet Mirror Node APIs
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://testnet.mirrornode.hedera.com https://hcs.testnet.mirrornode.hedera.com
  • Integrity requirements: 
  • Max severity: critical