æternity’s Bug Bounty at HackerOne

With æternity going live, it is time to launch a general bug bounty and allow anyone to contribute to the security and stability of the æternity code.

æternity’s developer team is currently focused on making improvements and heavy testing. You can join this effort and help us address any issues or vulnerabilities we may have missed. New features and improvements will continue to be implemented in æternity beyond the Roma Release, so becoming a regular contributor is an option.

æternity aims to be the backbone of a new generation of decentralized applications. As such, we strive to develop a secure and efficient infrastructure which is easy to use by both developers and users. With that in mind:

We are announcing a bug bounty program to encourage independent developers, security experts and researchers to engage with the æternity platform and spot possible security flaws.

We know from experience that the greater the number of eyes looking at the code, the more secure it will become. Different points of view and backgrounds are essential in identifying weaknesses in any network. You are hereby cordially invited to share your unique perspectives on æternity’s codebase.

Scope

æternity’s bug bounty program encompasses the code found in the following repositories:

While there are many more software components that make æternity what it is currently, we are mostly interested in those essential to the network.

At this stage, bugs of the highest priority are considered to be those concerning consensus, all accounts or RCE on machines running node software. We reserve the right to assess the severity of the identified issues, but we appreciate all your input on the matter. The rewards are as follows:

Critical: 5000 USD

High: 2000 USD

Medium: 750 USD

Low: 250 USD

For detailed information, please have a look at æternity’s HackerOne page:

How to report a bug?

To be considered valid, all submissions must be made through æternity’s HackerOne page.

We kindly ask you to be patient and give us enough time to go through your report.

We will count on you to refrain from disclosing the bugs you find to the public before we have the chance to remove them. Exploiting your findings in any harmful way, including phishing or DoS/DDoS attacks, is also a reason to be disqualified from receiving any rewards.

There is no submission deadline. This bug bounty will remain open indefinitely.

Happy Hacking!