IoTeX DDoS Attack Bounty Program (closed)

IoTeX
Apr 5, 2019

Our Mainnet Rehearsal, which kicked off on Mar 27, went smoothly with 50+ delegates in the past week! It has provided a solid foundation for our coming Mainnet Alpha public release in mid-April. Now we need YOUR help from the community to build a stronger IoTeX network together. We are excited to announce the DDoS Attack Bounty Program! Like the earlier Bug Bounty program, it is an open offer to external individuals to receive compensation for launching successful DDoS attacks.

Security and stability are our No. 1 priority. We all know that no technology is perfect, and IoTeX believes that working with researchers, developers, engineers and technologists across the globe is crucial in identifying weaknesses in our blockchain infrastructure while we are building. We will reward the participants who take our network offline with a DDoS attack.

Campaign Period

04/05/19 5:00 PM PDT until Mainnet Alpha launches

Scope

The scope of the program is limited to the IoTeX Mainnet Rehearsal Network (https://github.com/iotexproject/iotex-core), with a particular focus on network attacks.

Qualifying DDoS Attack Cases

To qualify for a bounty, your report must be original and previously unreported.

All types of DDoS cases qualify for the reward, including but not limited to:

  • UDP Flood
  • ICMP (Ping) Flood
  • SYN Flood
  • Ping of Death
  • Slowloris
  • NTP Amplification
  • HTTP Flood

Please note that reward decisions are at the discretion of the IoTeX Foundation.

Rewards

For each qualified attack, we will offer 50,000 IOTX as a one-time thank-you reward.

Reporting

To claim a DDoS attack, please submit a proof report through http://iotex.io/bugs with the following information:

  1. Category of the attack
  2. Targets
  3. Steps to reproduce
  4. Supporting Material/References, e.g., source code, scripts
  5. Mitigation recommendation
  6. Your name and country (unidentified submitters will not be eligible for a reward)

Please note that:

  • You will qualify for a reward only if you were the first person to alert us to a previously unknown issue. We will update you on the progress of your report when it is accepted, when it is validated, and when the bounty is paid.
  • Technical discussions in https://gitter.im/iotex-dev-community/Lobby are encouraged, but do not disclose bug details without informing us first.
  • Our engineering team (who will communicate from a valid @iotex.io email address) may reach out to you for further information on the bug if needed.

Disclaimer

This is an experimental and discretionary rewards program. IoTeX Foundation can cancel the program at any time, and the decision as to whether or not to pay a reward is entirely at IoTeX Foundation’s discretion. Participants’ exploits or testing should not violate any law, or disrupt or compromise any data without authorization.

🏆 Announcing The Winners!

Metanyx

With the tools provided, metanyx successfully launched DDoS attacks by injecting lots of actions into certain nodes and knocked down the victim machines, which led to stricter rate-limiting on the P2P layer to defend against such attacks.

IoTeXTeam

IoTeXTeam launched a similar DDoS attack and knocked down 7+ victims, which led to stricter rate-limiting on the API layer to defend against such attacks.

IoTask

IoTask found an interesting bug: testing accounts were carried over to Mainnet Alpha. The core team fixed it immediately.

Congratulations to the hunters, and thank you all for the support! IoTeX always wants our community to take part in the exciting and cutting-edge technology of blockchain platforms. We look forward to interacting with more enthusiastic developers who will change the world with products built on IoTeX, and to rewarding their contributions.

Let’s work together to build a stronger network!

About IoTeX

Founded as an open-source project in 2017, IoTeX is building the world’s leading privacy-centric blockchain platform for the Internet of Things (IoT). Their mission is to build a decentralized trust fabric for a new era of collaboration and data exchange among devices, applications and people. Backed by a global team of research scientists and top engineers, IoTeX combines blockchain, trusted hardware and edge computing to realize the full potential of IoT.

Website: https://iotex.io/
Twitter: https://twitter.com/iotex_io
Telegram Announcement Channel: https://t.me/iotexchannel
Telegram Group: https://t.me/IoTeXGroup
Medium: https://medium.com/@iotex
Reddit: https://www.reddit.com/r/IoTeX/
Join us: https://iotex.io/careers
