OST, a blockchain infrastructure aimed at targeting businesses across the world, has launched a bounty challenge in order to eliminate any kind of vulnerabilities that are present in its pipeline. 400,000 OST tokens are reserved by the company for this challenge. The entire challenge is named the “OST Mainnet Bounty Challenge.”
Regarding the prospect of finding security vulnerabilities, 300,000 OST tokens are reserved for the contestant who is able to send tokens from a simple stake contract address to an unintended wallet. Additional tokens are reserved for the contestant who is able to recreate this vulnerability in a step-by-step process, 100,000 OST tokens to be exact. Talking to BlockPublisher, Andre Ivanoff, white-hat hacker who had previously uncovered vulnerabilities in the Augur platform, suggested this bounty challenge as a positive approach to crowd-source bug identification and improving the platform. He said;
Blockchain is a new technology and finding bugs in the system is a difficult task. Rewarding developers who can identify vulnerabilities, helps the tech team to address these issue ahead of any hacking attempt.
The company has also minted approximately one million bounty coins on the OST KIT Mainnet Alpha 1 staking 300,000 OST tokens. The vulnerability reports that are eligible for this bounty challenge include finding the vulnerabilities of somehow managing a way to transfer OST tokens staked on the ethereum mainnet to an unintended address, finding a way to transfer bounty coins to an unintended address from the OST KIT mainnet alpha 1, devising a way to gain control of a user’s account on the OST KIT, performing unintended transfer of tokens, compromising the private key management by the OST KIT, finding loopholes in the framework built upon OpenST Protocol by OST, compromising the data APIs of the OST VIEW, and getting access to another user’s API keys.
Regarding the rules associated with the bounty program, it is stated by the company that the usage of DDoS attacks or spamming is not permitted. No privacy violation or data destruction relating to a user is allowed. The vulnerabilities found are only meant to be reported to OST and not to be distributed among the general public. Already submitted vulnerabilities will be instantly discarded and no OST employee is allowed to participate in this challenge. The entire program can be cancelled by the OST team at any given moment. All the awards will be given as per the discretion of the OST team. All the vulnerabilities will be considered only once for the award.
Besides this, the company has also reserved bounties for participants who are able to find bugs in the OST KIT, OST API and OST VIEW. It also includes finding bugs and vulnerabilities in OST’s Mainnet Kit as well. Finding bugs and loopholes in the OpenST Protocol 0.9.2 smart contracts is also encouraged by the platform in order to make its entire security fabric bug-free.
The entire blog post made by the OST team can be found here.