is there any bug bountys?

[ilikehackinggames]

im working on fuzzing the lua parser with a lexser and was wondering if i find any security vunerabilitys where i should report them. i already found a segfault but i dont think its useful. will report it soon.

[eugenekay]

Edit: New guidance from Staff is in the next Reply.

I have never seen a Bug Bounty discussed; Wube Software is a small team. Most of us Players are here for the Fun of it.

There is not an official separate Security Contact - it says “Our main communication point is our official forum”, so you’re already in the right place. Receiving a reply from support@factorio.com for Security related disclosures concerning the website Infrastructure previously has not been responsive for me; But I have tried. Nothing serious enough to warrant a CVE or widely applicable, but there is always a hole somewhere…

I personally have fuzzed the Network code using some Automated tools, and did not find anything that would result in remote code execution (except for that inside the Lua Sandbox, which is intentional as part of the Game). I did not look for any Sandbox exploits myself; but I think that there had been an issue with that before the 1.0 release…. Good Luck in your hunting!

[Bilka]

Please report security vulnerabilities privately at factorio@factorio.com

[ilikehackinggames]

Edit: New guidance from Staff is in the next Reply.

I have never seen a Bug Bounty discussed; Wube Software is a small team. Most of us Players are here for the Fun of it.

yea thats fair. though if i did find a rce (unlikely) i would hope they would at least be willing to give me a free copy of SA or something lol