Open main menu
Open main menu
Due to a lack of supporting developers, dcrios and dcrandroid are no longer covered by the scope of the bounty program.
We have processed a total of 233 submissions so far, with 21 of them being eligible for a payout.
Detail of one vulnerability can be made public.
Congrats to @trapp3rhat who has been listed in the Hall of Fame.
With this update, all security issues identified via the bounty program have been made public.
Phase 5 of the bounty program headed by @jholdstock has been approved. This will be the last update by @degeri.
We have processed a total of 228 submissions so far, with 21 of them being eligible for a payout.
Details of two vulnerabilities can now be made public.
Congrats to @Al1ex, @aditi_singghh who have been listed in the Hall of Fame.
We have one submission that is not public yet.
We have processed a total of 209 submissions so far, with 19 of them being eligible for a payout.
We have one submission that is not public yet. Although it is only a note level bug and limited to non default configurations. It will only be revealed once a large % of users update to the upcoming 1.7 version.
We have processed a total of 200 submissions so far, with 19 of them being eligible for a payout.
Details of one vulnerability can now be made public.
Congrats to @sheikhrishad0 who has been listed in the Hall of Fame.
We have one submission that is not public yet.
The scope of the bug bounty program has been updated with the following changes:
We have processed a total of 195 submissions so far, with 18 of them being eligible for a payout.
Details of two vulnerabilities can now be made public.
Congrats to @kazan71p and @sanket_722 who have been listed in the Hall of Fame.
We have one submission that is not public yet.
The bug bounty program has been renewed for another year. The maximum bounty amounts have been updated as per the new proposal.
At the end of “Phase 3” (June 30) we had processed a total of 193 submissions, with 18 of them being eligible for a payout.
We had two more submissions that will receive a payout, the exact details and HOF will be made public in a future update.
We have processed a total of 180 submissions so far, with 16 of them being eligible for a payout.
We have one submission that is not public yet.
We have processed a total of 157 submissions so far, with 15 of them being eligible for a payout.
Congrats to @proabiral who has been listed in the Hall of Fame.
We have processed a total of 150 submissions so far, with 14 of them being eligible for a payout.
We have processed a total of 145 submissions so far, with 14 of them being eligible for a payout.
We want to thank Javed Khan (Core Developer at Handshake Development Inc) and Braydon Fuller (Bitcoin Protocol Engineer at PurseIO, Inc) who reported the INVDoS vulnerability to the program. Hall of Fame has also been updated (primary submitter has been added).
We have processed a total of 141 submissions so far, with 14 of them being eligible for a payout.
We have also made some rules/scope changes to improve the program.
The bug bounty program has been renewed for another year.
At the end of phase two (30/06/2020), we had processed a total of 130 submissions, with 13 of them being eligible for a payout.
We have processed a total of 123 submissions so far, with 13 of them being eligible for a payout. The following vulnerability has been fixed and hence can be listed.
We have processed a total of 104 submissions so far, with 11 of them being eligible for a payout.
The PR linked below fixes a potential multi-day memory exhaustion attack that could lead to a node crash in dcrd 1.4.0. The network hardforked on 13/03/2020 and these older vulnerable clients have been forked off, hence this vulnerability has little to no impact on the working of the network.
All bug reporters are given the chance to be listed in the hall of fame, and we are happy to welcome Aaron Hook who discovered the issue above. Thanks for participating Aaron!
With this update, all security issues identified via the bounty program have been made public.
We have processed a total of 97 submissions so far, with 11 of them being eligible for a payout. The following vulnerability has been fixed and hence can be listed.
We have processed a total of 83 submissions so far, with 10 of them being eligible for a payout. The following vulnerability has been fixed and hence can be listed.
The bug bounty program has been renewed for another year.
We have processed a total of 67 submissions so far, with 9 of them being eligible for a payout. The following vulnerabilities have been fixed and hence can be listed.
We have processed a total of 49 submissions so far, with 7 of them being eligible for a payout. The following vulnerabilities have been fixed and hence can be listed.
We have processed a total of 27 submissions so far, with 2 of them being eligible for payouts. The “Hall of Fame” will not be updated as the submitters have not chosen to be listed. We will also be making some updates to the scope to better communicate the types of submissions we are looking for.
Today we are kicking off the bug bounty program. We look forward to receiving some great reports from the community. Please read the rules and scope section before you start testing.
