IoTeX DDoS Attack Bounty Program

Our Mainnet Rehearsal which was kicked off on Mar 27 went smoothly with 50+ delegates in the past week! It has provided a solid foundation for our coming Mainnet Alpha public release in mid-April. Now we need YOUR help from the community to build a stronger IoTeX network together — we are excited to announce the DDoS Attack Bounty Program! Same with the earlier Bug Bounty program, it is an open offer to external individuals to receive compensation for initializing success DDoS attacks.

Security and stableness is our №1 priority. We all know that no technology is perfect, and IoTeX believes that working with researchers, developers, engineers and technologists across the globe is crucial in identifying weaknesses in our blockchain infrastructure while we are building. We will reward the participants who take our network offline by DDoS attack.

Campaign Period

04/05/19 5:00 PM PDT till Mainnet Alpha Launches

Scope

The scope of the program is limited to IoTeX Mainnet Rehearsal Network — https://github.com/iotexproject/iotex-core, which especially focuses on network attacks.

Qualifying DDoS Attack Cases

To qualify for bounty, your report must be original and previously unreported.

All types of DDoS cases are qualified for the reward, including but not limited to:

  • UDP Flood
  • ICMP (Ping) Flood
  • SYN Flood
  • Ping of Death
  • Slowloris
  • NTP Amplification
  • HTTP Flood

Please note that the reward decisions are up to the discretion of IoTeX Foundation.

Rewards

For each qualified attack, we will offer 50,000 IOTX as a one-time thank-you reward.

Reporting

To claim a DDoS attack, please submit a proof report through http://iotex.io/bugs with the following information:

  1. Category of the attack
  2. Targets
  3. Steps to reproduce
  4. Supporting Material/References, e.g., source code, scripts
  5. Mitigate recommendation
  6. Your name and country, e.g., unidentified submitters will not be eligible for reward

Please note that

  • You will qualify for a reward only if you were the first person to alert us to a previously unknown issue. We will update you on the progress of your report ­when it is accepted, validated, and when the bounty is repaid
  • Technical discussions in https://gitter.im/iotex-dev-community/Lobby are encouraged but do not disclose bug details without informing us first
  • Our engineering team (who will communicate with a valid @iotex.io email) may outreach to you for further information on the bug if needed.

Disclaimer

This is an experimental and discretionary rewards program, and IoTeX Foundation can cancel the program at any time and the decision as to whether or not to pay a reward has to be entirely at IoTeX Foundation’s discretion. The participants’ exploit or testing should not violate any law, or disrupt or compromise any data unauthorizedly.

Finally

IoTeX always want our community to take part in the exciting and cutting-edge technology of blockchain platforms. We look forward to interacting with more enthusiastic developers who will change the world with products built on IoTeX and rewarding their contributions. Happy hunting!

About IoTeX

Founded as an open-source project in 2017, IoTeX is building the world’s leading privacy-centric blockchain platform for the Internet of Things (IoT). Their mission is to build a decentralized trust fabric for a new era of collaboration and data exchange among devices, applications and people. Backed by a global team of research scientists and top engineers, IoTeX combines blockchain, trusted hardware and edge computing to realize the full potential of IoT.

Website: https://iotex.io/
Twitter: https://twitter.com/iotex_io
Telegram Announcement Channel: https://t.me/iotexchannel
Telegram Group: https://t.me/IoTeXGroup
Medium: https://medium.com/@iotex
Reddit: https://www.reddit.com/r/IoTeX/
Join us: https://iotex.io/careers