HackNet
Stress test Chromia’s core codebase while uncovering and reporting potential vulnerabilities and edge cases
How Do I Participate?
HackNet Reporting FormHackNet node endpoints can be found by using Chromia Explorer.
HackNet containers can be deployed from our staking page.
Non-stakers can open a container by making a request on our Discord, in the Dev's Community -> HackNet channel.
Click here to access Chromia Vault for HackNet.
Links to our code repos and official documentation can be found in the List of Repositories section further down (more detailed documentation can also be found in each repo).
We are looking to find potential issues in anything from our tooling, node software or even our consensus method.
How you find these issues is up to you. The most common methods would be to interact directly with the network, or to review the code.
If you manage to cause an unexpected result or something seems to be broken, let us know by completing our HackNet Reporting Form.
Reward Pool Details
Individual rewards will range from 1,000 to 10,000 CHR per report, and will be determined based on the nature of the issues found and the quality of the feedback provided.
Any leftover CHR tokens in this reward pool at the conclusion of the event will be rolled back into the promotional fund for future use.
This program will award up to a total of 100K $CHR tokens.
Please note, all CHR rewards are awarded at the sole discretion of the Chromia team.
![](/_next/image?url=https%3A%2F%2Fa.storyblok.com%2Ff%2F203563%2F952x952%2Fb5f34c3ed3%2Ftrophy.webp&w=3840&q=75)
What Could I Be Testing?
![](/_next/image?url=https%3A%2F%2Fa.storyblok.com%2Ff%2F203563%2F800x688%2F53284f7b3e%2Ficon-hacknet-core.webp&w=3840&q=75)
Chromia Core (postchain and system chains)
EBFT consensus
Resource isolation between containers
Privilege escalation to run dapp chains as system chains
Exploit which exposes private keys from nodes
Native Fees (Deploy a container without paying CHR tokens, Gain unauthorized access to rewards)
![](/_next/image?url=https%3A%2F%2Fa.storyblok.com%2Ff%2F203563%2F800x688%2F82f51ae816%2Ficon-hacknet-bridge.webp&w=3840&q=75)
Bridge
Exploits that enable privilege escalation
Exploits that stop users from depositing/withdrawing
![](/_next/image?url=https%3A%2F%2Fa.storyblok.com%2Ff%2F203563%2F800x688%2Fbd455bf7a7%2Ficon-hacknet-protocol.webp&w=3840&q=75)
FT4 Protocol
Exploits that enable privilege escalation
![](/_next/image?url=https%3A%2F%2Fa.storyblok.com%2Ff%2F203563%2F800x688%2F41aa934c91%2Ficon-hacknet-rell.webp&w=3840&q=75)
Rell
Exploit the language to gain unauthorized access to db tables
Exploit the language to gain unauthorized access to the subnode's system (access file system, network, Docker daemon, etc.)
Exploit the language to create an instance of a non-deterministic program
![](/_next/image?url=https%3A%2F%2Fa.storyblok.com%2Ff%2F203563%2F800x688%2F45f582bfe7%2Ficon-hacknet-frontend.webp&w=3840&q=75)
Frontend clients
Gain access to user credentials
Modify transactions
Send unauthorized transactions
![](/_next/image?url=https%3A%2F%2Fa.storyblok.com%2Ff%2F203563%2F800x688%2Fe303c485a2%2Ficon-hacknet-docs.webp&w=3840&q=75)
Docs
Add or modify information in official docs as part of an attack