The Firedancer codebase can be found at https://github.com/firedancer-io/firedancer/tree/main. 

Documentation and further resources can be found on:

- Documentation: [https://firedancer-io.github.io/firedancer/](https://firedancer-io.github.io/firedancer/)
- Technical education: Technical articles, ReadMe's, whitepaper, etc.
- [https://github.com/firedancer-io/firedancer/blob/main/README.md](https://github.com/firedancer-io/firedancer/blob/main/README.md)
- [https://github.com/firedancer-io/firedancer/blob/main/src/disco/README.md](https://github.com/firedancer-io/firedancer/blob/main/src/disco/README.md)
- All header files contain sufficient documentation about each component's function
- Developer codebase walkthrough (recorded for the preceding contest): https://youtu.be/KJzZ5QApW2s
- Non-technical education: introductory videos, protocol summaries, FAQs, etc
- Solana Docs: https://solana.com/docs
- How to build and run a Node [https://firedancer-io.github.io/firedancer/guide/getting-started.html](https://firedancer-io.github.io/firedancer/guide/getting-started.html)

The full Firedancer implementation now exists as a separate binary, but only the Frankendancer validator `fdctl` is in scope for this bug bounty program.
Findings that apply exclusively to the full Firedancer binary (i.e., code not used by Frankendancer or fdctl) will be treated as informational (insight reports) and are not eligible for bounty rewards.


The Firedancer repository contains code for two validators:

- The latest Firedancer mainnet release, lovingly nicknamed “Frankendancer”, a split between Firedancer and the existing Agave validator written in Rust
- A full C-only Firedancer, completely replacing the existing Agave validator.


The full Firedancer code is behind a development flag, and findings in code that is only reachable in full Firedancer will be considered informational (aka insight reports).


The Frankendancer validator interfaces with the existing Agave validator written in Rust via an FFI interface. This FFI interface and the modifications to Agave to support such FFI are in scope, but bugs in the Agave validator itself that would impact existing Solana validators should be reported to the Agave bug bounty and are not considered in scope for the contest.


The directory and file listing are provided to help navigate the codebase and determine what is in scope. The ground truth for scope and impact will follow the production binary.

Firedancer is a new validator client for Solana.

A bug in the respective layer 0/1/2 network code that results in unintended smart contract behavior with no concrete funds at direct risk*

Modification of transaction fees outside of design parameters*

Unintended chain split (network partition)*

Temporary freezing of network transactions by delaying one block by 500% or more of the average block time of the preceding 24 hours beyond standard difficulty adjustments*

Process to process RCE between sandboxed tiles

Increasing network processing node resource consumption by at least 30% without brute force actions, compared to the preceding 24 hours*

Shutdown of greater than or equal to 30% of network processing nodes without brute force actions, but does not shut down the network*

Any bug leading to loss of funds or acceptance of forged / invalid signatures

Key compromise/exfiltration exploit chain

Network not being able to confirm new transactions (total network shutdown)*

Unintended permanent chain split requiring hard fork (network partition requiring hard fork)*

Direct loss of funds*

Permanent freezing of funds (fix requires hard fork)*

Elevate privileges in the Firedancer GitHub repository to cut releases or commit to protected branches

Gain persistence on a CI runner node as an unprivileged user

Other security relevant privilege escalations in the Firedancer GitHub repository/organization

Any bug leading Firedancer to produce an invalid block or skip its leader slot

Consensus issues causing Firedancer validators to fork

Liveness issues that cause Firedancer validators to crash or be unavailable*

Infinite Mint

Any sandbox escape

Firedancer builds as a single production binary, fdctl. Code linked into and reachable from this binary in the latest Frankendancer release build and branch is in scope, including the primary `fdctl run` command. Code from the consensus, runtime, and other components of the full future Firedancer validator are not in scope. The FFI interface between Frankendancer and Agave is in scope, but bugs in Agave code that exist in the standalone Anza Agave validator are not in scope, and should be reported to Anza. Protocol bugs or design flaws in Solana are not in scope, and are reportable to Anza.

For cluster-level impact, a theoretical Firedancer-only chain is in scope. For example, while a chain halt is not currently possible on mainnet via a Firedancer-only exploit (since the network includes other validator clients), you may assume a 100% Firedancer validator set and demonstrate impacts such as a chain halt or chain split under those conditions.

The sandbox and security model are in scope. You may assume an existing RCE within a specific tile, and any findings downstream of that breach—such as a sandbox escape or gaining RCE in the sandbox of a different tile—are considered valid.

However, tiles in the Agave address space (e.g., bank, poh, store) are not considered sandboxed. As such, transitions from non-Agave tiles to Agave tiles—for example, going from pack → bank, net → store—do not constitute sandbox escapes and are explicitly out of scope. These tile boundaries do not represent sandbox isolation in the Frankendancer threat model and are based on different trust assumptions.
The primary security concern of the validator is defending against untrusted or malicious behavior originating from the network, and limiting damage in the event of RCE. Issues that are purely local to the validator and not remotely exploitable—such as command-line argument or environment variable handling—will be considered out of scope or informational.

The GUI is in scope. You may assume the GUI’s HTTP port is exposed to the public internet.
Vulnerabilities that involve, are triggered by, or relate to the block engine functionality may be considered valid. However, such findings will typically be assessed at a lower severity level.

**Special Note:** Severities noted by the **“*”** are those that we don’t believe are currently realizable risks with the amount of stake applied to Firedancer when authoring these terms. 

However, We believe these risks could be realized with more stake applied to Firedancer.  If you find something that realizes these risks, you are encouraged to submit it, and they will be rewarded according to their impact.

Firedancer Codebase

Rewards are distributed according to the impact of the vulnerability based on the [Immunefi Vulnerability Severity Classification System V2.3](https://immunefi.com/immunefi-vulnerability-severity-classification-system-v2-3/). 


__Reward Payment Terms__

Payouts are handled by the Firedancer team directly and are denominated in USD. However, payments are made in USDC.