What is FVM?

The FVM (Filecoin Virtual Machine) adds smart contracts to the Filecoin blockchain, unlocking the world's largest open-access data economy. It enables developers to write and deploy custom code to run on top of the Filecoin blockchain, unleashing the ability to write software that automates the storage, retrieval, and ultimately the transformation of data in a web3-native way.

What is the FVM bulletproofing program?

The FVM team at Protocol Labs has been working on FVM Milestone 2.1, bringing user programmability to the FVM. It is scheduled to go live on Filecoin mainnet on March ‘23, and big things are happening on the journey to mainnet: Space Warp.

This milestone adds an EVM runtime to the Filecoin Virtual Machine, support for Ethereum accounts, signatures, and transactions, and an Ethereum JSON-RPC endpoint in Lotus. This milestone enables users to deploy code to the network for the first time, implying a step function change for the network.

An integral part of this massive development effort is to guarantee the overall security of the FVM, its EVM runtime, and its various components. We have designed a dedicated program to engage the wider security community to help us identify latent risks and problems stemming from different user scenarios and potential threat models prior to mainnet launch.

FVM Bulletproofing is an invite-only initiative that aims to engage experts from relevant fields — Wasm, Rust, EVM, blockchain/web3 security — to assess the codebase for latent vulnerabilities and earn rewards for new issues they find and report responsibly.

We are inviting expert security professionals, seasoned Rust developers, maintainers of the OSS libraries used by ref-fvm (e.g. wasmtime), whitehat hackers, auditors, and academics to participate in FVM Bulletproofing.

You can apply to participate by completing this registration form (archived)

The rewards pool will be $100k, paid out in FIL tokens, and distributed between qualifying, confirmed, and approved issue reports.


Program Mechanics

Explained: Program rewards

How we’ve made it easy for you

We understand that you may not be a Filecoin expert. And forcing you to understand how to run a Filecoin node from scratch would be a significant learning curve and investment. However, you will want to test and validate your potential discoveries against a real Lotus node.