• CoinStic
  • Posts
  • EOS Hands Out a Whopping $348,000 in Bug Bounties in Just Five Weeks

EOS Hands Out a Whopping $348,000 in Bug Bounties in Just Five Weeks

July 10, 2018

Since announcing its new bug bounty program at the start of June, EOS has resolved 42 bugs in its software and handed ethical hackers $348,000 in rewards.

EOS joined HackerOne, a bug bounty platform that partners with the global hacker community, after a Chinese security firm said it discovered “epic vulnerabilities” in the platform. EOS called the report FUD and said most of the reported kinks had already been fixed.

EOS rewards hackers $5,000 to $10,000 for finding critical bugs. The next reward-tiers range from $100 to $5,000.

Issues that qualify for rewards must do one of the following:

  1. Cause nodeos to crash via the P2P plugins (net_plugin or bnet_plugin)

  2. Cause nodeos to crash via the HTTP RPC API (http_plugin) with Patroneos protection

  3. Send a contract into an infinite loop

  4. Cause a contract to use a large amount of memory (more than 64MB)

  5. Crash nodeos with a contract

  6. Trigger unauthorized actions on accounts

  7. Cause a contract to run for more than 10 ms over deadline

If you want to submit a potential issue to the team, here’s what must be included:

  1. Asset – What software asset the vulnerability is related to (e.g. EOSIO core software/eosjs)

  2. Severity – Your opinion on the severity of the issue (e.g. high, moderate, low)

  3. Summary – ­Add summary of the vulnerability

  4. Description – Any additional details about this vulnerability

  5. Steps – Steps to reproduce

  6. Supporting Material/References ­– Source code to replicate; list any additional material (e.g. screenshots, logs, etc.)

  7. Impact – Type of security impact an attacker could achieve

  8. Your name and country

You can find out more about the bug bounty program here.

Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.