DrDrops
Dr.Drops 🔥 -> Updates on Hottest Crypto Events -> Join Community ✅ Ad
Solana project - Logo.

Solana
Solana Agave Security Bug Bounties

Active 01 Feb 2024 - TBA

Solana is a high-performance, permissionless blockchain offering scalable infrastructure for decentralized applications. To ensure maximum network resilience, the Solana Foundation maintains a continuous Security Bug Bounty program for the Agave validator client. Managed via the Anza repository, this initiative incentivizes security researchers to responsibly disclose critical network vulnerabilities. With a major policy update effective February 1, 2024, rewards are now exclusively denominated in SOL tokens and distributed as 12-month locked stake accounts.

CoinLaunch Score: Last update:
High 10 Jul 2026

Solana - Solana Agave Security Bug Bounties Overview

start date: 01 Feb 2024
end date: TBA
Reward Distribution: TBA
More about Solana
Reward N/A
Reward Pool: Discretionary (Max 25,000 SOL per bug)
Winners: N/A

How to join Solana - Solana Agave Security Bug Bounties?

Participants can earn varying amounts of locked SOL based on the severity of the disclosed vulnerability. The highest tier covers Loss of Funds exploits, granting up to 25,000 SOL (with a minimum of 6,250 SOL). Other critical tiers include Consensus/Safety Violations paying out between 3,125 and 12,500 SOL, while Liveness or Loss of Availability issues are rewarded between 1,250 and 5,000 SOL. Minor bugs such as RPC DoS crashes yield between 20 and 65 SOL.

The program operates via a strict private disclosure process on the official GitHub portal. Submissions must include a robust proof-of-concept (PoC) affecting the master branch of the Agave monorepo. The impact of this rigorous program was recently demonstrated in April 2025, when security researcher LonelySloth successfully identified and reported a critical vulnerability within the ZK ElGamal Proof Program affecting Token-22 confidential transfers, which was promptly patched in Agave versions v2.1.21 and v2.2.11.

Step-by-step Guide

  • Enable two-factor authentication (2FA) on your GitHub account.

  • Access the private reporting portal on the official Agave repository.

  • Submit a detailed report alongside a working exploit proof-of-concept (PoC) affecting the master branch.

  • Email the Anza security team at [email protected] with the full advisory URL if you do not receive a response within 72 hours.

  • Complete the mandatory KYC verification prior to the distribution of any locked SOL rewards.

Share this event:
No Comments
No comments yet