[Bounty] Golos Security Program

in #bounty, 8 years ago (edited)

Thanks to @serejandmyself for rapid translation.

We have already promised a bounty campaign, and after yesterday's crash of the testnet, it's time to announce it!

Illustration: Freakonomics

There will be 3 types of bounty:

  1. For fixing critical mistakes on the blockchain
  2. For fixing the web client bugs
  3. For finding critical mistakes in the website infrastructure

The terms of each bounty are as follows:

Vulnerabilities on the blockchain

Criteria: There will be a bounty for each pull request that eliminates a critical error like yesterday's.
A potential vulnerability should lead either to a full network stop or to a substantial breach of the economy (> 1% of capitalization).
Award: Prior to the start of vesting it will be 22500 GOLOS. After vesting starts, the reward will aim to be 1/2000 of the network, or 5 basis points of the development budget of the golos development account.

Vulnerabilities of the web client

Criteria: For each pull request that eliminates errors such as the one that occurred on Steem, when many master passwords were stolen (including my own and even Dan's). A potential vulnerability should lead to the possibility of any theft of user data.
Award: Prior to the start of vesting it will be 22500 GOLOS. After vesting starts, the reward will aim to be 1/2000 of the network, or 5 basis points of the development budget of the golos development account.

Infrastructural Vulnerability

Criteria: Access will be granted to the servers of golos.io. As many of you know, the steemit web client contains a configuration file, which includes a private key to the account from which the free registration of users occurs. In our case, the account will be called golosio. This account can be considered "hot storage". A reserve of 22500 GOLOS will be kept on this account for registration fees. You may take this amount for yourself (LEGALLY) if you get access to the configuration file.
Award: The entire amount stored in the "hot storage" is the bounty. The bounty will be considered "legal" only if you provide details of the breach.

All of this information is relevant for the duration of the testnet and the active near future.
The rewards are not final and can be changed by the golos society.
Keep in mind that most of the delegates are, one way or another, interested in a working network, which means that the offered reward pool is a call to action and a call for discussion of the bounties.
Also, as you may have noticed, it covers only critical mistakes.

PS. The first bounty of 22500 GOLOS goes to @abit for research and PR. Thank you, man, from our team and community.


Thanks :)
