Dear Flow Community,
As you may be aware, the upcoming release of Secure Cadence is the last step on the journey to enabling permissionless contract deployment. We have a Secure Cadence release candidate ready and would like to invite community members to participate in testing the release. New issues found will be subject to the bug bounty program, in line with the Flow Responsible Disclosure Policy.
As always, we welcome disclosures of all issues you may find and they all are subject to the bug bounty. That being said, the main goal of testing this release candidate is to find vulnerabilities exploitable through smart contract code execution, which could lead to:
- Modifying non-public state of an account without having access to its private key.
- Gaining control of the host machine.
- Destabilizing the Flow network (e.g. by crashing or significant slow-down of network nodes).
To receive access to a test environment running the Secure Cadence release candidate, please fill in this form or DM Jan.#6550 on Discord.
To report potential vulnerabilities follow the Flow Responsible Disclosure process by emailing details to security@onflow.org and adding โSecure Cadence Testingโ in the subject line. Do not discuss potential vulnerabilities in public channels.
For questions regarding the bug bounty program please respond to this thread or ask in the Cadence Discord channel.
If you are unsure about anything and would like to discuss - please email the Cadence team and we will get back to you.
Please note that this testing network is for security research purposes and the resources are limited, it is not meant to be used for testing real-world transaction loads - it is not a testnet replacement.