5667 policies in database
Link to program      
Matic Network logo


Matic Network

Matic Network looks forward to working with the security community to find security vulnerabilities in order to keep our businesses and customers safe.

Response Targets

Matic Network will make a best effort to meet the following response targets for hackers participating in our program:

  • Time to first response (from report submit) - 2 business days
  • Time to triage (from report submit) - 2 business days
  • Time to bounty (from triage) - 10 business days

We’ll try to keep you informed about our progress throughout the process.

Disclosure Policy

  • As this is a private program, please do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization.
  • Follow HackerOne's disclosure guidelines .

Program Rules

  • Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
  • Submit one vulnerability per-report, unless you need to chain vulnerabilities to provide impact.
  • When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced).
  • Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
  • Social engineering (e.g. phishing, vishing, smishing) is prohibited.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.
  • Reports out of scope will not be considered. Please check before you submit.
  • Attacking any other Testnet than Matic Network’s designated testnet for this program is prohibited
  • Attacking any other network than Matic Network is prohibited
  • Any reports that are out of scope but that are deemed valuable or business impactful to Matic will be considered at Matic's discretion. These reports may be triaged (awarded Reputation Points) but will not be eligible for a bounty.

Test Plan

Getting Started

Setting up

The Matic CLI repo is an easy way to setup and manage Matic validator nodes on a local environment. This would help in simulating tests and attacks locally.

  • If you want to run a node on the Counter Stake - Stage 2 staking testnet, you follow the instructions on these links:


Linux Package


Getting Tokens for Testing

  • To get tokens you can access our faucet: https://faucet.matic.network/ and choose the Goerli network to get some tokens. Or you can drop an email with your ETH address to delroy(@)matic.network

You’re now set up to start looking for vulnerabilities.

Have questions?

Check out the forum and join the discussion on Discord.
Forum - https://forum.matic.network
Discord - https://discord.gg/XvpHAxZ


Our rewards are based on severity per CVSS (the Common Vulnerability Scoring Standard). Please note these are general guidelines, and reward decisions are up to the discretion of Matic Network.

Critical (9.0 - 10.0) | High (7.0 - 8.9) | Medium (4.0 - 6.9) | Low (0.1 - 3.9)
$5,000 | $3,000 | $1,500 | $300

Indicative examples of valid attacks that could be done on Matic Network

Type of Attack

Double spend by getting the clients to accept a different chain
Double spend by validating malicious blocks
Tamper/manipulate blockchain history to invalidate transactions
Cause network to mint tokens to own account
Undermine consensus mechanism to split the chain
Censorship (e.g. on votes)
Steal tokens from node
Prevent node from accessing the network
Abuse bugs in the economic system to defraud other participants (e.g. avoid transaction fees to full nodes)
DDOS attack
Chain halt and shutting down the network

In Scope Repositories

  • Heimdall - This github repository contains the source code for one of the core components of Matic. Heimdall is the heart of the Matic system. It manages validators, block producer selection, spans, the state-sync mechanism between Ethereum and Matic, and other essential aspects of the system.

URL - https://github.com/maticnetwork/heimdall
Category - Critical

  • Bor - The Bor node or the Block Producer implementation is basically the sidechain operator. The sidechain VM is EVM-compatible.

URL - https://github.com/maticnetwork/bor
Category - Critical

  • Contracts - This repository contains the smart contracts that power Matic Network

URL - https://github.com/maticnetwork/contracts
Category - Critical

Out of Scope Repositories examples

And any other repositories that are not mentioned “In-Scope” is considered as out of scope.

Out of scope vulnerabilities

When reporting vulnerabilities, please consider (1) attack

scenario/exploitability, and (2) security impact of the bug. The following issues are considered out of scope:

  • Previously known vulnerabilities (resolved or not) on the Ethereum network (and any other fork of these).
  • Previously known vulnerabilities in Tendermint and or/any other fork of these.
  • Previously known vulnerabilities in cosmos-sdk and or/any other fork of these.
  • Attacks requiring MITM or physical access to a user's device.
  • Previously known vulnerable libraries without a working Proof of Concept.
  • Public Zero-day vulnerabilities that have had an official patch for less than 1 month will be awarded on a case by case basis.

Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Thank you for helping keep Matic Network and our users safe!

In Scope

Scope Type Scope Name






Out of Scope

Scope Type Scope Name








This program crawled on the 2020-07-21 is sorted as bounty.

FireBounty © 2015-2020

Legal notices