Bug Bounty, development updates, and next steps

Development Update — 24th December

Tangram
Dec 24, 2019 · 6 min read

Bug Bounty

Moving forward, the bug bounty program scope and rewards will grow and continue to be actively updated as we extend and expand the Tangram network, hit important development milestones, and ship new features into the wild. As the network evolves, so will the bug bounties. The scope of the bug bounty program will be progressively updated to include more of Tangram’s code, and also specific files, vulnerabilities, and areas which may need to be focused on.

In scope

github.com/tangramproject/Tangram.Vector

  1. Cryptographic flaws which would break the underlying protocol confidentiality.

Reporting a bug

To report a security vulnerability through an encrypted channel, please email or contact any of the core developers so that they can verify and exchange public keys with you.

Report guidelines

A complete report includes:

  • Any prerequisites and steps to get the network and / or system to an impacted state;
  • A reasonably reliable exploit for the issue being reported;
  • Enough information to be able to reasonably reproduce the issue.

OWASP Risk Rating Model

  • High: up to 5000 TGM
  • Medium: up to 2000 TGM
  • Low: up to 1000 TGM
  • Note: up to 500 TGM

  1. Squashing bugs;
  2. Identifying core challenges;
  3. Building out already implemented features;
  4. … and who knows what else …

Development Updates

Our previous announcement covered the release of running a node for Test-net1, Phase 2.

Commits

  • Fix clock skew; [97740fe]
  • Tracing with error handling; [84f9e14]
  • Return completed dialing and ignore failed; [c37e9a5]
  • Refactor Dial error tasks; [84f9e14]
  • Return completed dialing and ignore failed; [1194ebe]
  • Dialing tasks refactoring; [ceaa722]
  • Simplifying dial function; [daa114d]
  • Refactor FailureDetection HostedService; [d571d43]
  • Default to 2 days worth of logs for Membership; [c9a0799]
  • Fix timer contention in Membership; [d096670]
  • Cleanup locks; [bf89a4a]
  • Cap BroadcastQueue. Default TorClient timeout to 7 seconds; [e3a9bca]
  • [NEW] Allowing for user defined classes to be passed to Sip/Blockmania actor; [8d1bfbf]
  • Added ack buffer for exactly once delivery; [c742afc]
  • Added Borker.API; [946d318]
  • [NEW] MQTT clustering; [bcb37b9]
  • [NEW] MQTT client managed pub/sub; [6e987b0]
  • [NEW] MQTT RPC client; [d926d3c]
  • [NEW] Added MQTT missing services; [edd2db3]
  • Added Serilog dependency and error handling; [f0db521]
  • Added client storage manager; [bad4f2a]
  • At least once delivery and retrieve stored messages from publisher; [f8b1648]
  • Enabled port setting; [dee4582]
  • [NEW] Internal pub/sub communication. [4d75a97]

MQTT Integration

Next steps

zk-PoS integration

You may have noticed the initial commit for PoS integration.

The XEdDSA and VXEdDSA Signature Schemes

  1. Verifiable Delay Function (VDF);
  2. Time-lock puzzles;
  3. Bulletproofs;
  4. Multisig.

Run a node

The guide below assumes that you have an understanding of port forwarding and some advanced computer knowledge:

Thinking of contributing to the code?

Connect with any of the Core and/or Community managers OR simply create an issue/pull request!


If you’re interested, have questions and feedback:

Visit our website: www.tangrams.io

Tangram was created with a singular vision: to inspire, mobilize and empower a new generation of cypherpunks.
