EOS Hands Out a Whopping $348,000 in Bug Bounties in Just Five Weeks
Since announcing its new bug bounty program at the start of June, EOS has resolved 42 bugs in its software and handed ethical hackers $348,000 in rewards.
EOS joined HackerOne, a bug bounty platform that partners with the global hacker community, after a Chinese security firm said it discovered “epic vulnerabilities” in the platform. EOS called the report FUD and said most of the reported kinks had already been fixed.
EOS rewards hackers $5,000 to $10,000 for finding critical bugs. The next reward tiers range from $100 to $5,000.
Issues that qualify for rewards must do one of the following:
- Cause nodeos to crash via the P2P plugins (net_plugin or bnet_plugin)
- Cause nodeos to crash via the HTTP RPC API (http_plugin) with Patroneos protection
- Send a contract into an infinite loop
- Cause a contract to use a large amount of memory (more than 64MB)
- Crash nodeos with a contract
- Trigger unauthorized actions on accounts
- Cause a contract to run for more than 10 ms over deadline
If you want to submit a potential issue to the team, here’s what must be included:
- Asset – What software asset the vulnerability is related to (e.g. EOSIO core software/eosjs)
- Severity – Your opinion on the severity of the issue (e.g. high, moderate, low)
- Summary – A summary of the vulnerability
- Description – Any additional details about this vulnerability
- Steps – Steps to reproduce
- Supporting Material/References – Source code to replicate; list any additional material (e.g. screenshots, logs, etc.)
- Impact – Type of security impact an attacker could achieve
- Your name and country
You can find out more about the bug bounty program here.