DeFiChain Bug Bounty Program

DeFiChain is engaging with security experts as well as the community to hunt down vulnerabilities. Our bounty program rewards up to USD 50,000.



DeFiChain thanks the following bounty hunters in their efforts to keep DeFiChain secure.

Dr. Daniel Cagara

Dr. Daniel Cagara

  • Masternode mining efficiency exploit
    5,000 DFI
    15,000 USD
  • 3rd-party masternode fund lockup issue
    1,500 DFI
    4,500 USD
  • Probabilistic side mining exploit
    2,500 DFI
    7,500 USD
  • Dropping of masternode through transaction malleability
    4,000 DFI
    12,000 USD
  • Masternode quorum anchor confirmation bug
    3,000 DFI
    9,000 USD
  • Masternode boost with infinite timelock
    4,000 DFI
    12,000 USD
  • Total bounty
    20,000 DFI
    60,000 USD

How to participate

There are many ways to get started finding a bug bounty. You can start by connecting to the DeFiChain testnet by running defid -testnet. Alternatively, you could study our source code at GitHub.

If you find a bug through interacting with our program and/or studying our source code, we can offer a bug bounty of up to USD 50,000 worth of DFI provided that we find the bug significant, and you are able to provide useful info in regards to fixing or reproducing the issue.

Be sure to study the code that is tagged for official releases, not the master branch or other code that is still currently under development.

Submission process

As security is a sensitive issue, we encourage users not to submit public issues regarding the security of the blockchain. We encourage using your own descretion, if you feel the issue is not something the public can easily exploit, then feel free to create an issue at the repo over at GitHub. If the issue presents some critical exploit, then please email us instead at

In your submission please include:

  • A clear description of the issue
  • A fix for the issue, preferably as a pull request
  • If unable to provide a fix, then please provide clear directions on how to reproduce the issue
  • Your email address or other relevant contact details (e.g. Telegram ID)
  • Your DFI address for receiving the bounty if your submission is approved