Hathor is a digital platform for financial transactions and contracts with a unique combination of high scalability and high decentralization. It creates the perfect environment for multiple use cases where scale, efficiency, long-term security, and censorship-resistance through network distribution combined are needed or can drastically cut current costs and bureaucracy.
PoC Required
KYC required
Codebase
Documentation
Only the latest release is in scope for Blockchain/DLT and Web/App assets. You can access the latest release for a repository by adding "releases/latest" to the end of a repository's URL.
Never run tests on Hathor's production environments such as the mainnet. If you believe your attack would only work in our production environment, get in touch with us at security@hathor.network.
All config and test files are considered as out-of-scope of this bug bounty program.
hathor-core/hathor/wallet is out-of-scope. https://github.com/HathorNetwork/hathor-core/tree/master/hathor/wallet
Nano contracts have been launched in a controlled rollout. It currently does not have fees or proper sandboxing. For that reason, users cannot freely send contracts (blueprints, the code that runs nano contracts) to the network. Everything is reviewed by Hathor Labs before being added to the network. Therefore, reports such as unbounded loops or unmetered resources are not valid for nano contracts. Nano contracts code is here: https://github.com/HathorNetwork/hathor-core/tree/master/hathor/nanocontracts
All code of Hathor Network can be found at https://github.com/HathorNetwork. However, only those in the Assets in Scope table are considered as in-scope of the bug bounty program.
Documentation and instruction for PoC can be found here: