MVP Mainnet is live!
Closed on June 28


Stress test Chromia’s core codebase while uncovering and reporting potential vulnerabilities and edge cases

Reward Pool:100K $CHR

How Do I Participate?

HackNet Reporting Form

HackNet node endpoints can be found by using Chromia Explorer.

HackNet containers can be deployed from our staking page.

Non-stakers can open a container by making a request on our Discord, in the Dev's Community -> HackNet channel.

Click here to access Chromia Vault for HackNet.

Links to our code repos and official documentation can be found in the List of Repositories section further down (more detailed documentation can also be found in each repo).

We are looking to find potential issues in anything from our tooling, node software or even our consensus method.

How you find these issues is up to you. The most common methods would be to interact directly with the network, or to review the code.


If you manage to cause an unexpected result or something seems to be broken, let us know by completing our HackNet Reporting Form.

Reward Pool Details

  • Individual rewards will range from 1,000 to 10,000 CHR per report, and will be determined based on the nature of the issues found and the quality of the feedback provided. 

  • Any leftover CHR tokens in this reward pool at the conclusion of the event will be rolled back into the promotional fund for future use. 

This program will award up to a total of 100K $CHR tokens

Please note, all CHR rewards are awarded at the sole discretion of the Chromia team. 

What Could I Be Testing?

Chromia Core (postchain and system chains)

  • EBFT consensus

  • Resource isolation between containers

  • Privilege escalation to run dapp chains as system chains

  • Exploit which exposes private keys from nodes

  • Native Fees (Deploy a container without paying CHR tokens, Gain unauthorized access to rewards)


  • Exploits that enable privilege escalation

  • Exploits that stop users from depositing/withdrawing

FT4 Protocol

  • Exploits that enable privilege escalation


  • Exploit the language to gain unauthorized access to db tables

  • Exploit the language to gain unauthorized access to the subnode's system (access file system, network, Docker daemon, etc.)

  • Exploit the language to create an instance of a non-deterministic program

Frontend clients

  • Gain access to user credentials

  • Modify transactions

  • Send unauthorized transactions


  • Add or modify information in official docs as part of an attack

Chromia Documentation

Build the future with Chromia

HackNet FAQ