Baar, Switzerland — 8 October, 2020 — Cosmos, the interoperable blockchain ecosystem, has increased the incentives for its bug bounty program covering the Cosmos Stargate software upgrade. The bug bounty will allow hackers, developers, and the community to trial and debug the upgrades and breaking changes to the Cosmos SDK, Tendermint Core, Gaia, and Inter-Blockchain Communication codebases. The special bug bounty program launches today and will conclude on December 31, 2020.
Recent changes to the code include a transition from an in-house serialization system to Protocol Buffers (Protobuf), major new Tendermint Core features such as state sync, and the first implementation of Cosmos’s flagship Inter-Blockchain Communication (IBC) protocol. These changes are a high priority for the security community to review. Bounty rewards are based on many factors, including impact, risk, the likelihood of exploitation, and report quality. The CVSS framework will be used to score all reports in a standardized and fair way. Rewards for bugs will be classified into these categories for payout:
- Critical: $5,000 and up
- High: $3,000 and up
- Medium: $1,000 and up
- Low: up to $200
Tess Rinearson, VP of Engineering at Interchain GmbH, said “We believe that proactively finding and fixing bugs is a vital part of building strong, resilient blockchain protocols. Our ongoing testing, and in particular this new program, exists to proactively reward people who discover bugs in our protocols and products. The release of the Stargate codebase reifies our commitment to the open-source community, with the goal of bringing Cosmos into a new era. For the first time ever, Cosmos blockchains will be able to connect with each other using a standardized protocol for inter-blockchain communication (IBC).”
While there is no maximum program reward, Cosmos core contributors will value creative or severe bugs and reward them accordingly. Examples of vulnerabilities that are of interest include memory allocation bugs, race conditions, timing attacks, information leaks, authentication bypasses, incorrect block validation, denial-of-service vectors, lost-write bugs, unauthorized account or capability access, stolen funds, token inflation bugs, payloads or transactions that cause panics, and so on. Please see here for a quick-start guide to getting Tendermint Core running so you can start hunting for bugs. To work with the Cosmos SDK, start here to learn more about getting it up and running in your testing environment.
The Cosmos Network is a secure and scalable blockchain ecosystem where thousands of decentralized applications interoperate to create the foundation for a new token economy. Currently, over $6B in digital assets have been secured on Cosmos blockchains, more than 8,500 GitHub stars have been earned by Cosmos and Tendermint projects, and there are over 200 projects in the Cosmos Tendermint ecosystem.
For more information, visit https://hackerone.com/tendermint
About the Cosmos Network
The Cosmos Network is a secure and scalable blockchain ecosystem where thousands of decentralized applications interoperate to create the foundation for a new token economy.
Before the Cosmos Network, blockchains were siloed and unable to communicate with each other. They were hard to build and could only handle a small number of transactions per second. Cosmos solves these problems with a vision to build the “Internet of Blockchains.”
Cosmos solves some of the hardest blockchain problems – scalability, usability and interoperability – allowing blockchain application developers to focus on business logic. The Cosmos SDK is a user-friendly, modular framework powered by Tendermint Core’s Byzantine Fault Tolerant (BFT) Proof of Stake (PoS) protocol that allows developers to fully customize their dApp to best suit their needs.