IoTeX DDoS Attack Bounty Program (closed)

IoTeX
IoTeX
Apr 5 · 3 min read

Campaign Period

04/05/19 5:00 PM PDT till Mainnet Alpha Launches

Scope

The scope of the program is limited to IoTeX Mainnet Rehearsal Networkhttps://github.com/iotexproject/iotex-core, which especially focuses on network attacks.

Qualifying DDoS Attack Cases

To qualify for bounty, your report must be original and previously unreported.

  • ICMP (Ping) Flood
  • SYN Flood
  • Ping of Death
  • Slowloris
  • NTP Amplification
  • HTTP Flood

Rewards

For each qualified attack, we will offer 50,000 IOTX as a one-time thank-you reward.

Reporting

To claim a DDoS attack, please submit a proof report through http://iotex.io/bugs with the following information:

  1. Targets
  2. Steps to reproduce
  3. Supporting Material/References, e.g., source code, scripts
  4. Mitigate recommendation
  5. Your name and country, e.g., unidentified submitters will not be eligible for reward
  • Technical discussions in https://gitter.im/iotex-dev-community/Lobby are encouraged but do not disclose bug details without informing us first
  • Our engineering team (who will communicate with a valid @iotex.io email) may outreach to you for further information on the bug if needed.

Disclaimer

This is an experimental and discretionary rewards program, and IoTeX Foundation can cancel the program at any time and the decision as to whether or not to pay a reward has to be entirely at IoTeX Foundation’s discretion. The participants’ exploit or testing should not violate any law, or disrupt or compromise any data unauthorizedly.


🏆 Announcing The Winners!

Metanyx

With the tools provided, metanyx successfully launched DDOS attacks by injecting lots of actions into certain nodes and knocked down the victim machines, which leads to more strict rate-limiting on P2P layer to defend against such attacks.

IoTeXTeam

IoTeXTeam launched a similar DDOS attack and knocked down 7+ victim knocked, which leads to more strict rate-limiting on API layer to defend such attacks.

IoTask

IoTask found an interesting bug such that testing accounts are carried over to mainnet alpha which has been immediately fixed by the core team.

Let’s work together to build a stronger network!

About IoTeX

Founded as an open-source project in 2017, IoTeX is building the world’s leading privacy-centric blockchain platform for the Internet of Things (IoT). Their mission is to build a decentralized trust fabric for a new era of collaboration and data exchange among devices, applications and people. Backed by a global team of research scientists and top engineers, IoTeX combines blockchain, trusted hardware and edge computing to realize the full potential of IoT.

@iotex

IoTeX is the auto-scalable and privacy-centric blockchain infrastructure for the Internet of Things (IoT). IoTeX is bringing autonomous device coordination to the masses by "connecting the physical world, block by block".

IoTeX

Written by

IoTeX

The Privacy-Centric Blockchain Platform for IoT

@iotex

@iotex

IoTeX is the auto-scalable and privacy-centric blockchain infrastructure for the Internet of Things (IoT). IoTeX is bringing autonomous device coordination to the masses by "connecting the physical world, block by block".