Tron’s new bug bounty program is paying off.
Since launching at the end of May, Tron has handed out $25,000 to ethical hackers who have identified vulnerabilities on its new blockchain, according to HackerOne.
The platform is now offering payouts for $50,000, $10,000 and $6,000 based on the severity of the bug. Here’s the breakdown:
Critical – $50,000
- bugs which can take control of java-tron nodes by remote execution of any code
- bugs which can lead to private key leakage
High – $10,000
- bugs which can incur Denial of Service (DoS) in java-tron through P2P network
- bugs which can incur Denial of Service (DoS) in java-tron through RPC-API
Medium – $6,000
- bugs which can incur Denial of Service (DoS) in java-tron through TRON Protocol
- bugs allowing unauthorized operations on user accounts
In addition, hackers who find low priority bugs can earn $100. At this point, only bugs found in the java-tron code repositories are eligible for bounties.
Issues with tronscan.org, tron.network and tronlab.com do not have any bounties associated with them, although Tron is encouraging people to report issues if they find any.
To report bugs, you can contact the Tron team through HackerOne and include:
- The source of the bug, e.g. tronprotocol/java-tron
- Your personal assessment of the severity of the bug as medium/high/critical
- A summary of the bug
- A detailed description of the bug
- Instructions to recreate the bug
- Other supplementary materials such as proof of concepts, source code, screenshots or logs