With the initial launch of ZF Grants, we're looking for help identifying bugs on the road to mainnet launch.

The Zcash Foundation and Grant.io team are asking the community to help us test out the new Grants system, and find any critical issues before an upcoming mainnet launch.

For non-critical bugs, please use our GitHub issue queue to lodge bug reports.

For critical bugs, please review our Responsible Disclosure Policy. Critical bug disclosures that follow our Responsible Disclosure Policy will be eligible for a $500 reward (paid out in USD, not testnet coins). Because we don't currently have a document detailing bug scope, please use your best judgement when disclosing critical vulnerabilities, and err on the side of caution. Some examples that include but are not limited to what we would consider critical bugs are:

Manipulating the display of addresses to steal user funds

Gaining access to private user data

Circumventing authentication to impersonate a user or gain access to administrative functions

Causing service disruptions (DDOS or other spam attacks notwithstanding)

Cross site scripting injections

Bug bounties will be paid out by the Grant.io team, and will require relevant tax documents and associated compliance procedures.