Our Mainnet Rehearsal which was kicked off on Mar 27 went smoothly with 50+ delegates in the past week! It has provided a solid foundation for our coming Mainnet Alpha public release in mid-April. Now we need YOUR help from the community to build a stronger IoTeX network together — we are excited to announce the DDoS Attack Bounty Program! Same with the earlier Bug Bounty program, it is an open offer to external individuals to receive compensation for initializing success DDoS attacks.

Security and stableness is our №1 priority. We all know that no technology is perfect, and IoTeX believes that working with researchers, developers, engineers and technologists across the globe is crucial in identifying weaknesses in our blockchain infrastructure while we are building. We will reward the participants who take our network offline by DDoS attack.

Campaign Period

04/05/19 5:00 PM PDT till Mainnet Alpha Launches

Scope

The scope of the program is limited to IoTeX Mainnet Rehearsal Network — https://github.com/iotexproject/iotex-core, which especially focuses on network attacks.

Qualifying DDoS Attack Cases

To qualify for bounty, your report must be original and previously unreported.

All types of DDoS cases are qualified for the reward, including but not limited to:

UDP Flood

ICMP (Ping) Flood

SYN Flood

Ping of Death

Slowloris

NTP Amplification

HTTP Flood

Please note that the reward decisions are up to the discretion of IoTeX Foundation.

Rewards

For each qualified attack, we will offer 50,000 IOTX as a one-time thank-you reward.

Reporting

To claim a DDoS attack, please submit a proof report through http://iotex.io/bugs with the following information:

Category of the attack Targets Steps to reproduce Supporting Material/References, e.g., source code, scripts Mitigate recommendation Your name and country, e.g., unidentified submitters will not be eligible for reward

Please note that

You will qualify for a reward only if you were the first person to alert us to a previously unknown issue. We will update you on the progress of your report ­when it is accepted, validated, and when the bounty is repaid

Technical discussions in https://gitter.im/iotex-dev-community/Lobby are encouraged but do not disclose bug details without informing us first

Our engineering team (who will communicate with a valid @iotex.io email) may outreach to you for further information on the bug if needed.

Disclaimer

This is an experimental and discretionary rewards program, and IoTeX Foundation can cancel the program at any time and the decision as to whether or not to pay a reward has to be entirely at IoTeX Foundation’s discretion. The participants’ exploit or testing should not violate any law, or disrupt or compromise any data unauthorizedly.