Phantom
Maximum reward: $100,000

| Severity | Max. Reward |
|---|---|
| Critical | $100,000 |
| High | $12,500 |
| Medium | $5,000 |
| Low | $500 |

No deposit required
Findings submitted: 5
Start date: 10 Nov 2025
In scope
| Severity | Min and Max Reward |
|---|---|
| Critical | Up to $50,000 |
| High | Up to $12,500 |
| Medium | Up to $5,000 |
| Low | Up to $500 |
| Informational | Discretionary |
| Name | Description | Asset |
|---|---|---|
| Browser Extension | Chrome | |
| Mobile | iOS | |
| Mobile | Android | |
Out of scope
Ineligible Assets
By design our systems and apps interact with numerous third parties including RPC providers and on-chain smart contracts/programs.
Unless explicitly specified in the targets section, these are considered out of scope and testing is not authorized.
If you discover a vulnerability in any component that is not explicitly listed but poses a risk to user funds, user data, or the integrity of the system, you may submit it for consideration. The team will review such submissions on a case-by-case basis.
Additionally, the following hosts are not developed by Phantom and would not qualify for a reward.

| Name | Description | Asset |
|---|---|---|
| Zendesk (Help Center) | | |
| Canny | | |
| StatusPal | | |
| Mintlify (Documentation) | | |
False Positives
The following are common false positives, and are therefore not eligible for a reward within the program:
- Public client-side keys, tokens, request-signing material, anti-abuse signals, or configuration values embedded in Phantom clients, including analytics identifiers, feature flag keys, public RPC URLs, build metadata, commit SHAs, or CMS configuration. Possession or reuse of client-distributed values is not eligible by itself unless the report demonstrates privileged access, unauthorized writes, bypass of server-side authorization or abuse controls, sensitive data exposure, or another concrete security impact.
- Public blockchain data or public RPC access, including unauthenticated access to blockchain RPC methods, public wallet addresses, swap quotes, or transaction construction endpoints, unless the report demonstrates exposure of private Phantom/user data or a protected operation.
- Direct API access using values recoverable from Phantom’s public clients, where the API returns public, client-intended, or onchain-derived data and no protected operation is reached.
- Missing security headers, CSP/HSTS/X-Frame-Options observations, or CORS policies that only allow Phantom-owned origins, unless the report demonstrates a concrete exploit against a sensitive user flow.
- Clickjacking, tapjacking, or UI redressing reports that do not demonstrate unauthorized access to sensitive wallet capabilities, sensitive wallet data exposure, or another concrete user-impacting security outcome.
- Denial-of-service or rate-limit reports that do not demonstrate measurable service degradation, persistent user impact, or exhaustion of shared production resources.
- Reports based only on automated scanners, theoretical exploit chains, or proof that an endpoint accepts unusual input, without manual validation of security impact.
- Public CMS, documentation, marketing, status-page, geo/config, or feedback metadata that does not expose sensitive non-public data or allow unauthorized modification.
- Public DNS records, internal-looking hostnames, private IPs in DNS responses, public buckets containing public assets, or infrastructure metadata without a demonstrated path to takeover, access, secrets, or protected control bypass.
- LLM-generated seed phrases or seed phrases previously leaked online by users.
- Brute forcing seed phrases, private keys, or wallet addresses. Lack of rate limiting for these search spaces is not considered valid.
- Social engineering, phishing content, malicious tokens, malicious liquidity pools, fake support phone numbers, or user/third-party leaks where the issue is not caused by a Phantom-controlled vulnerability.
- Reports against Phantom-controlled media, CMS, or metadata proxy surfaces that only show intended public fetch/render behavior, public CMS data, or proxying of attacker-controlled public content without sensitive data exposure, unauthorized writes, or protected control bypass.
Additionally, reports in the following categories are generally treated as duplicates unless they include materially new impact, exploitability, or affected-asset evidence:
- Findings against deprecated or legacy blocklist/phishing endpoints that are not the active protection path used by current Phantom clients.
- Reports about issues Phantom had already identified through internal testing, monitoring, audits, partner/vendor notifications, prior reports, or existing remediation work before the submission.
Out-of-Scope Issues
The following are explicitly out of scope:
Client-Side Applications
- Attacks requiring physical access to an unlocked device, local device compromise, browser/devtools access, or same-OS-user file access without an additional Phantom security boundary bypass.
- Issues requiring unlikely user interaction without a realistic attack path.
- OS-level app association or local app handoff behavior that requires a malicious app to already be installed and manually selected by the user, unless it demonstrates a realistic remote exploit path affecting Phantom-controlled security boundaries.
- In-app browser behavior where Phantom is acting as a normal browser and the report does not demonstrate a Phantom-specific security boundary bypass, sensitive wallet data exposure, or unauthorized access to protected wallet capabilities.
- Temporary crashes, hangs, alert loops, or self-DoS conditions that do not persist beyond the attacker-controlled page or require no recovery beyond closing/restarting the app.
- Reports that a connected site can read public addresses for chains associated with the connected Phantom account.
Web Applications
- Issues in third-party SaaS platforms or hosted services that Phantom does not control and that must be remediated by the vendor.
- Issues on public documentation, marketing, CMS, status, or analytics endpoints without sensitive data exposure or unauthorized write access.
- Open redirects, broken links, or unsafe external links without a demonstrated security impact.
- Public dev, staging, or preview environments where the report only shows that the environment is reachable or that login, consent, or informational pages load.
- Scanner-only findings for TLS, security headers, cookies, cache control, or other hardening best practices without demonstrated exploitability.
- Issues requiring unlikely, highly contrived, or unrealistic user interaction without a plausible attack path.
- Content spoofing or text injection without the ability to modify HTML/CSS or demonstrate a concrete attack vector.
- CSRF affecting unauthenticated forms, logout flows, or forms that do not perform sensitive state-changing actions.
- Clickjacking on pages that do not expose sensitive actions.
- Tabnabbing without a demonstrated impact against Phantom users.
- Missing cookie flags, including HttpOnly, Secure, or SameSite, without demonstrated exploitability.
- Missing or weak SSL/TLS, CSP, or other security-header best practices without proven security impact.
- Software version disclosure, banner disclosure, descriptive errors, stack traces, or application/server error messages without demonstrated impact.
- Issues that only affect outdated or unpatched browsers more than two stable versions behind the latest release.
Platform Infrastructure
- Public DNS, hostnames, IPs, cloud metadata, load balancer names, or object listings that do not expose sensitive data or grant access.
- Public client-side infrastructure identifiers or API keys without privileged access or demonstrated impact.
- Dependency-confusion or supply-chain reports without evidence that Phantom-controlled infrastructure executed attacker-controlled code.
- Rate-limit bypass claims based only on IP rotation, VPN use, or repeated requests without concrete impact.
- Third-party identity, support, docs, hosting, or vendor-managed infrastructure where Phantom cannot deploy the fix directly, unless the report demonstrates impact to Phantom-controlled data or users.
- Missing email security best practices, including invalid, incomplete, or missing SPF, DKIM, or DMARC records, without demonstrated impact.
- Previously known vulnerable libraries or components without a working proof of concept against Phantom-controlled assets, or issues that can only be fixed by a third-party vendor.
Onchain Assets
- Attacks that require compromising a user’s seed phrase/private key or brute forcing wallet material.
- Malicious tokens, scam contracts, phishing sites, bad liquidity pools, MEV, sandwiching, or market behavior not caused by a Phantom-controlled smart contract or wallet security issue.
- Public onchain data visibility, mempool visibility, or transaction metadata that is already observable to network participants.
- User-approved transactions where the report does not demonstrate incorrect Phantom-controlled transaction analysis, unexpected transaction construction by Phantom-controlled code, or failure of an enforced Phantom-controlled validation control.
Default Out of Scope:
- Please refer to the docs for the default out-of-scope guidelines.