Find bugs.
Earn bounties

Earn up to $500K by finding protocol bugs and vulnerabilities.

Submit report

Bug bounty program reinforces trust in the Sui ecosystem.

[ → ]

By rewarding white hat hackers for responsibly disclosing bugs and vulnerabilities, it helps ensure the platform remains secure, stable, and resilient as it evolves.

Impacts in Scope

The following impacts are accepted within this bug bounty program—refer to Sui's Immunefi Bug Bounty Program Page for an official and up-to-date listing. All other impacts are considered out-of-scope and ineligible for payout.

1
Critical - $500,000 USD
2
High - $50,000 USD
3
Medium - $10,000 USD
4
Low - $5,000 USD

Frequently asked questions

Where can I find more information on the bug bounty program?

All of the program details along with a link to the dashboard to report a bug are available on HackenProof’s bounty program page for Sui.

How do I join the program?

If you find a bug or vulnerability, report it using the HackenProof dashboard. You should receive an acknowledgement of your report within 48 hours for critical vulnerabilities and 96 hours for all other vulnerabilities.

Where can I get technical questions answered?

Sui and HackenProof will be conducting Office Hours to answer questions. A date will be announced on Twitter by @SuiNetwork. If you are not able to attend, you can email questions to support@hackenproof.com.

Who is behind this program?

The program is funded and managed by the Sui Foundation, in partnership with HackenProof.

Platform/

Solutions/

Developers/

Community/

Resources/

About/

©2025 Copyright Sui Foundation. All rights reserved