Announcing the Colony Network Bug Bounty

Griffin Ichiba Hotchkiss
Published in Colony
Oct 31, 2018

The Colony Network has been under construction for a *while*. Seriously, the first lines of code were committed in 2014 (yes, before Ethereum was a thing). Since then, we’ve had a guiding philosophy: Do it right.

Over the course of Colony’s development, we’ve refined and revised, and made some serious changes to our contract design. Things have been scrapped, re-written, and then scrapped again. At long last, it’s time to get everything ready for our first mainnet deployment.

But it would be irresponsible to go straight to mainnet without doing our due diligence. For that, we need you!

Starting today, it’s open season on our Rinkeby deployment. We are calling on you, dear hackers, to test, attack, (try to) steal, disrupt, and otherwise bork the colonyNetwork smart contracts or reputation mining system. Seriously, go nuts. But please tell us about it.

We are willing to pay a lot for the disclosure of any vulnerabilities. If you can find anything wrong or potentially dangerous in our contract code, and you disclose it to us on GitHub, there’s up to $20,000 DAI in it for you. The big bucks are for critical flaws, but bugs that are less impactful or less likely can still net you between $500 and $10,000 — see our Rules page for more information about how bounties are determined.

Resources:

Now, these contracts are complex, to say the least. We’re not here to compare codebase sizes, but the colonyNetwork is definitely among the largest and most ambitious of any project in the Ethereum ecosystem. So you might want a little help. We gotchu.

First, check out our documentation and get a sense of what you’re up against.

For quick questions that need quick answers, Colony devs are always up on the colonyNetwork Gitter to help you out.

If you’d like to collaborate with other bounty hunters to divide and conquer, be our guest! A good place to do that is build.colony.io — it has nice, searchable, threaded discussion. We’ll also be there answering any longer or more detailed technical questions you may have.

What is this, a bug bounty for *ants*?
