Our Mainnet Rehearsal which was kicked off on Mar 27 went smoothly with 50+ delegates in the past week! It has provided a solid foundation for our coming Mainnet Alpha public release in mid-April. Now we need YOUR help from the community to build a stronger IoTeX network together — we are excited to announce the DDoS Attack Bounty Program! Same with the earlier Bug Bounty program, it is an open offer to external individuals to receive compensation for initializing success DDoS attacks.
Security and stableness is our №1 priority. We all know that no technology is perfect, and IoTeX believes that working with researchers, developers, engineers and technologists across the globe is crucial in identifying weaknesses in our blockchain infrastructure while we are building. We will reward the participants who take our network offline by DDoS attack.
04/05/19 5:00 PM PDT till Mainnet Alpha Launches
The scope of the program is limited to IoTeX Mainnet Rehearsal Network — https://github.com/iotexproject/iotex-core, which especially focuses on network attacks.
Qualifying DDoS Attack Cases
To qualify for bounty, your report must be original and previously unreported.
All types of DDoS cases are qualified for the reward, including but not limited to:
- UDP Flood
- ICMP (Ping) Flood
- SYN Flood
- Ping of Death
- NTP Amplification
- HTTP Flood
Please note that the reward decisions are up to the discretion of IoTeX Foundation.
For each qualified attack, we will offer 50,000 IOTX as a one-time thank-you reward.
To claim a DDoS attack, please submit a proof report through http://iotex.io/bugs with the following information:
- Category of the attack
- Steps to reproduce
- Supporting Material/References, e.g., source code, scripts
- Mitigate recommendation
- Your name and country, e.g., unidentified submitters will not be eligible for reward
Please note that
- You will qualify for a reward only if you were the first person to alert us to a previously unknown issue. We will update you on the progress of your report when it is accepted, validated, and when the bounty is repaid
- Technical discussions in https://gitter.im/iotex-dev-community/Lobby are encouraged but do not disclose bug details without informing us first
- Our engineering team (who will communicate with a valid @iotex.io email) may outreach to you for further information on the bug if needed.
This is an experimental and discretionary rewards program, and IoTeX Foundation can cancel the program at any time and the decision as to whether or not to pay a reward has to be entirely at IoTeX Foundation’s discretion. The participants’ exploit or testing should not violate any law, or disrupt or compromise any data unauthorizedly.
🏆 Announcing The Winners!
With the tools provided, metanyx successfully launched DDOS attacks by injecting lots of actions into certain nodes and knocked down the victim machines, which leads to more strict rate-limiting on P2P layer to defend against such attacks.
IoTeXTeam launched a similar DDOS attack and knocked down 7+ victim knocked, which leads to more strict rate-limiting on API layer to defend such attacks.
IoTask found an interesting bug such that testing accounts are carried over to mainnet alpha which has been immediately fixed by the core team.
Congratulations to the hunters and thank you all for the support! IoTeX always want our community to take part in the exciting and cutting-edge technology of blockchain platforms. We look forward to interacting with more enthusiastic developers who will change the world with products built on IoTeX and rewarding their contributions.
Let’s work together to build a stronger network!
Founded as an open-source project in 2017, IoTeX is building the world’s leading privacy-centric blockchain platform for the Internet of Things (IoT). Their mission is to build a decentralized trust fabric for a new era of collaboration and data exchange among devices, applications and people. Backed by a global team of research scientists and top engineers, IoTeX combines blockchain, trusted hardware and edge computing to realize the full potential of IoT.
Telegram Announcement Channel: https://t.me/iotexchannel
Telegram Group: https://t.me/IoTeXGroup
Join us: https://iotex.io/careers