
Ava Labs Avalanche

Ava Labs makes it simple to deploy high-performance solutions for Web3, led by innovations on Avalanche. The company was founded by Cornell computer scientists, who partnered with Wall Street veterans and early Web3 leaders to execute a promising vision for redefining the way people build and use open, permissionless networks.

L1, Services
Maximum Bounty: $100,000
Live Since: 03 December 2023
Last Updated: 22 January 2026
  • Triaged by Immunefi

  • PoC Required

  • KYC required

Codebase

Title: Ava Labs Avalanche Codebase
Description: Program Codebase
Link:

Documentation

Title: Ava Labs Avalanche Documentation
Description: Program Documentation
Link:

Ava Labs’s codebase can be found at https://github.com/ava-labs. Documentation and further resources can be found on https://docs.avax.network/. For details on standing up a local test network, see https://docs.avax.network/tooling/network-runner.

libevm and avalanchego/graft

  • If a bug is publicly disclosed in ethereum/go-ethereum, that bug is considered out-of-scope in this program.
  • The following issues are considered out of scope:
    • Network-level Denial-of-Service (TCP/IP/P2P)
    • Misconfigurations of AvalancheGo nodes currently running on the Avalanche Network
    • Denial-of-Service, OOM, or panic on any API exposed by AvalancheGo
    • Any usage of the node's HTTP API through intended mediums. Intended mediums include usage:
      • requiring direct machine access
      • through explicitly opened RPC ports
      • This includes the ability to send HTTP requests that cause node panics, OOMs, or increased disk usage, or that cause the node to become unhealthy.
    • Consensus liveness failure requiring network control.
      • Ex: BGP hijacking attacks
    • Preventing a node from properly connecting to the P2P network due to brute force networking DoS vectors.
      • Ex: SYN attacking a specific node with a botnet.
    • Unintended node behavior caused by local disk failures.
    • Unintended node behavior caused by unusual node configuration deviating from best practices for node configurations.
    • Compile time or runtime errors due to using unsupported hardware or operating systems.
    • Inability to automatically perform NAT-hole punching on specific router hardware.

If a bug is considered out-of-scope but you feel it should be disclosed privately, we appreciate any and all informational disclosures through this portal. Thanks for your responsible disclosure!

Blockchain/DLT - ICM Services: Excluding tests