Announcing the RaiBlocks Bug Bounty Program

Colin LeMahieu
Dec 26, 2017

RaiBlocks operates as a secure, sustainable network that anyone can rely on to send, receive, and store currency. In the interest of further improving the security of the network, we are launching the RaiBlocks Bug Bounty Program.

We encourage anyone interested to review the code, find bugs, vulnerabilities, or ways bad actors could exploit the RaiBlocks network. We offer three tiers of bounties, based on the severity of the bug, vulnerability or issue, paid in either XRB or the BTC equivalent:

  • Minor (100 XRB bounty)
  • Moderate (1,000 XRB bounty)
  • Critical (10,000 XRB bounty)

Bug bounties will be paid out of the RaiBlocks Developer Fund.

The RaiBlocks protocol is open-source; you can find the code here and the white paper here.

If you believe you have found a bug in RaiBlocks, the process by which you can report the bug and claim your bounty upon its fix is as follows:

1) Notify us that you have found a bug in the #bug_bounties channel on Discord at chat.raiblocks.net. A member of the Core team will then initiate a direct line of communication with you, where you can let us know which tier you feel your bug belongs in.

2) The Core team will review the issue, and if it is determined that the reported bug has merit, they will work with you to fix the bug and your bounty will be awarded.

3) Following the fix, we will publish a retrospective on our blog regarding the bug, which will include the timeline from notification to resolution, all parties affected, the outcome and references to commits that addressed the issue(s).

4) All communications between the reporter and the Core team related to the bug and bounty will be published upon resolution of the issue reported. In the interest of full transparency, this will be done regardless of whether the bug reported ends up being a critical threat or a non-issue.

If the details of the bug leak ahead of the retrospective being published, whether accidentally or maliciously, the contract between RaiBlocks and the reporter is null and void and the bug bounty will not be awarded.

We look forward to anyone engaging with us to improve the protocol and we hope that you’ll try to find ways to break and improve RaiBlocks in order to build the best currency and network around.

Thanks,

The RaiBlocks Core Team

Last updated on December 26, 2017
