Posted 1 month ago | by Catoshi Nakamoto
Up to $500,000 on offer for detecting valid bugs.
As you might have read in our latest article, we’re fierce on safety. As blockchain’s first OS, we need to constantly prioritize the security of our code. That’s why we teamed up with Immunefi, DeFi’s leading bug bounty platform.
What exactly is a Bug Bounty?
A bug bounty is a financial incentive to independent bug bounty hunters who discover security vulnerabilities and weaknesses in systems. Through Immunefi, Cartesi’s critical bug bounty reward is up to $500,000 to find bugs to keep our code reliable for all users — additional rewards are also available to earn in the program. When bounty hunters report valid bugs, we compensate them. That way, we can identify security flaws before bad actors do. Bug bounty hunters are so-called ethical hackers who may be eligible for a bug bounty if they successfully discover and report a vulnerability or issue to Cartesi. Immunefi is a bug bounty program that improves the security posture of systems over time by leveraging the hacker community. Immunefi has the largest bug bounties on any platform. Since the start of this year, they’ve already paid out +$2,000,000 in bounties.
What happens when a bug is detected?
A disclosure report is filled out by hackers whenever they discover a defect and describe how it impacts the software and the severity of the problem. Through Immunefi, the bug bounty hunter provides our developers with step-by-by-step directions for reproducing and validating the issue. This is the most essential step in the process. After the bug is discovered by our developers, a cash reward is offered to the hacker. In general, payouts range from a few thousand dollars to millions of dollars, depending on the severity of the problem. Our developers will assign priority to newly received bug reports and begin resolving them as soon as possible. The bug is retested by developers to guarantee that it has been fixed. For DeFi projects with smart contracts, rewards will be assigned according to Immunefi’s classification system, which uses a simple 5-level scale.
A relevant income, no matter where you live
Cartesi believes anyone should earn a relevant income in the new decentralized world we’re building. With Immunefi, hackers can look for bugs as a full-time source of income or use it to supplement their current income. Through Immunefi, bug bounty hunters earn financial rewards and can get public recognition for finding and reporting problems. Some use it as a method to land their first job and to demonstrate real-world experience.
With Immunefi, bug bounty hunters can find programs that best match their skills. They offer experts to solve the most fascinating puzzles in the world, of which DeFi vulnerabilities are the most high-stakes challenges.
How to learn to detect DeFi bugs
Because of the complexity of DeFi code, even very experienced developers need to learn about it. Immunefi has a Learn section where bug bounty hunters can read about blockchain, smart contracts, what kinds of vulnerabilities exist in smart contracts, and most importantly, how to find them.
“The goal of our Learn page is to provide a launching pad for hackers, researchers, devs, and companies to quickly get up to speed on the technology, so they can start hunting for bugs and collecting bounties. You can access Immunefi’s Learn guide at https://immunefi.com/learn/.”
Travin Keith, Immunefi Co-Founder
For bug bounty hunters, Immunefi has a very clear dashboard to file the bug report and to include a working proof of concept.
More about our bug bounty program
During this new bug bounty program, we work closely with Immunefi and their wider open-source security community to identify and patch any vulnerabilities found in Cartesi’s staking system. In particular, thefts and freezing of principal of any amount, thefts and freezing of unclaimed yield of any amount, governance activity disruption, website down, user data leak, and access to sensitive pages without authorization.
Interested in participating in our Bug Bounty Program?
Access our Immunefi Bug Bounty program here:
Immunefi is the go-to platform for DeFi projects looking to protect their code while also rewarding ethical hackers. To date, Immunefi has secured over $25 billion in customer funds while also rewarding bug bounty hunters with millions of cash, including the largest bug bounty in history ($2 million). For DeFi’s most important projects, Immunefi’s community of proven white hat hackers is essential to the security stack. Immunefi also has war room and crisis management skills as well as an industry-leading secure disclosure platform.
Cartesi is the first OS on the blockchain, and our Layer-2 solution integrates Linux and standard programming environments to blockchain. This allows developers to code scalable smart contracts with rich software tools, libraries, and services they are used to.
Cartesi bridges the gap between mainstream software and blockchain, welcoming millions of new startups and their developers to blockchain by bringing Linux to blockchain applications. Cartesi combines a groundbreaking virtual machine, optimistic rollups, and side-chains to revolutionize the way developers create blockchain applications.
Follow Cartesi across official channels:
Original article published on Cartesi’s Medium.