The Solana Foundation Offers $400,000 Bounty for Identifying Network Halt Code
The Solana Foundation is offering a $400,000 reward to anyone who can identify code that could halt the Solana network. This was revealed by Jacob Creech, Head of Developer Relations at Solana, in a Twitter post on October 13, 2023. The bounty is part of Solana’s bug bounty program, which aims to discover and rectify critical vulnerabilities to ensure the network’s robustness and security.
Bounty for Liveness Loss
The $400,000 bounty falls under the “Liveness / Loss of Availability” category of Solana’s Security Bug Bounties program. This category covers incidents where consensus halts and requires human intervention, including eclipse attacks and remote attacks that partition the network. The reward is paid in locked SOL tokens with a lockup period of 12 months.
Reporting and Response Process
Solana has a well-defined process for reporting, reviewing, and addressing security issues. Individuals who discover a potential vulnerability are instructed to report it through a designated “Report a Vulnerability” link instead of creating a GitHub issue. The Solana Labs team typically responds within 72 hours and initiates a triage and fix preparation process. Once a fix is ready, it is communicated to the network validators using the “Solana Red Alert” notification system to ensure coordinated efforts in addressing the vulnerability.
Other Bug Bounty Categories
In addition to the “Liveness / Loss of Availability” category, Solana’s bug bounty program includes other categories such as “Loss of Funds,” “Consensus/Safety Violations,” and “DoS Attacks.” These categories offer rewards ranging from $100,000 to $2,000,000. These bounties highlight Solana’s commitment to maintaining a secure and reliable blockchain network by incentivizing the discovery and reporting of potential security threats.
Eligibility and Payment
To be eligible for the bounty, submissions must include an exploit proof-of-concept. The Solana Foundation has outlined a clear process that includes Know Your Customer (KYC) procedures and a participation agreement that participants must adhere to. Bounties are awarded on a rolling or weekly basis and are paid out within 30 days of receipt of an invoice. The SOL/USD conversion rate is determined by the market price of SOL at the end of the day the invoice is submitted.
Hot Take: Solana’s Commitment to Network Security
The Solana Foundation’s proactive approach in offering substantial bounties for identifying and rectifying potential security threats demonstrates its continuous effort to uphold network integrity and ensure a secure blockchain environment for its users and developers.