Verified Wallet Bug Bounty
Hosted on DoraHacksFetched about 2 months ago
Friday, December 12, 2025
to Friday, January 30, 2026
•
2 months long
CybersecurityBlockchainFintech
Event Type
online
79
Participants
USD5,000
Prize Pool
7
Est. Projects
Organizers
The Verified Network invites white-hat hackers and security researchers to participate in an intensive Bug Bounty Hackathon focused on securing The Verified Wallet extension. With a prize pool of $5,000, this campaign is dedicated to identifying and responsibly disclosing critical vulnerabilities related to key management, transaction signing, and self-custody logic within our open-source codebase. Our goal is to solidify The Verified Wallet as the most secure, user-centric wallet on the market. Your expertise is critical to achieving this.
Assets in Scope:
- The Verified Wallet Extension Link: https://chromewebstore.google.com/detail/abkgckcpmnbipkfhkkchkdfkmccjdmkh?utm_source=item-share-cb
- Key Management and Recovery Logic
- Transaction Signing and Broadcasting Mechanisms
Timeline:
- Event Start Date: 10th December 2025
- End Date: 30th December 2025
- Hacker Registration: 08-Dec-2025, 8:00am to 29th-Dec-2025, Time: 9:00pm
- Submission Period: 10th to 30th December
- Judging & Validation: 7 days after Submission
- Winner Announcement: 12th January 2026.
Prizes
A total prize pool of up to $5,000 USD will be distributed in USDC or ETH to successful submissions, based on severity. Rewards are non-cumulative; only the first report of a valid vulnerability is eligible for a reward.
- Critical Severity (CVSS 9.0-10.0):
- Impact: Direct loss/theft of user funds or private keys; unauthorized minting; permanent asset freezing.
- Reward Range: Up to $2,500 USD.
- High Severity (CVSS 7.0-8.9):
- Impact: Unauthorized transaction signing (without user consent); major access control bypass; leakage of sensitive, non-key data.
- Reward Range: Up to $1,500 USD.
- Medium Severity (CVSS 4.0-6.9):
- Impact: Non-critical XSS; minor logic flaws leading to loss of usability; un-authenticated information exposure.
- Reward Range: Up to $750 USD.
- Low Severity (CVSS 0.1-3.9):
- Impact: Best practices violations; minor security-related misconfigurations (if no direct exploit path is shown).
- Reward Range: Up to $250 USD.
Eligibility
- Any white-hat hacker, security researcher, or developer is welcome to participate.
- Participation is subject to local laws and regulations.
- Submissions must be original and not publicly disclosed prior to reporting.
- Projects may be submitted individually or as a team (up to 4 members recommended).
Judging Criteria
Submissions will be judged exclusively on the following criteria:
1. Exploit Impact and Severity (60%): The real-world financial or security risk posed by the vulnerability.
2. Quality of Proof of Concept (PoC) (30%): The clarity and quality of the test case provided.
3. Affected Component and Clarity (10%): The bug is clearly documented with step-by-step instructions.
Note: General UX feedback, feature requests, or theoretical vulnerabilities will not be considered for a prize.
Out-of-Scope (Please Do Not Test)
- Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks.
- Attacks requiring physical access to the victim's device.
- Automated scanner reports without manual validation and a working PoC.
Contact Us
For technical questions and quick support during the Hackathon:
- Discord: https://discord.gg/cJh5WDGjGV
- Email: interest@verified.network