DeFiChain thanks the following bounty hunters in their efforts to keep DeFiChain secure.
Dr. Daniel Cagara
Masternode mining efficiency exploit5,000 DFI15,000 USD
3rd-party masternode fund lockup issue1,500 DFI4,500 USD
Probabilistic side mining exploit2,500 DFI7,500 USD
Dropping of masternode through transaction malleability4,000 DFI12,000 USD
Masternode quorum anchor confirmation bug3,000 DFI9,000 USD
Masternode boost with infinite timelock4,000 DFI12,000 USD
Total bounty20,000 DFI60,000 USD
How to participate
There are many ways to get started finding a bug bounty. You can start by connecting to the DeFiChain testnet by running
defid -testnet. Alternatively, you could study our source code at GitHub.
If you find a bug through interacting with our program and/or studying our source code, we can offer a bug bounty of up to USD 50,000 worth of DFI provided that we find the bug significant, and you are able to provide useful info in regards to fixing or reproducing the issue.
Be sure to study the code that is tagged for official releases, not the master branch or other code that is still currently under development.
As security is a sensitive issue, we encourage users not to submit public issues regarding the security of the blockchain. We encourage using your own descretion, if you feel the issue is not something the public can easily exploit, then feel free to create an issue at the repo over at GitHub. If the issue presents some critical exploit, then please email us instead at firstname.lastname@example.org.
In your submission please include:
- A clear description of the issue
- A fix for the issue, preferably as a pull request
- If unable to provide a fix, then please provide clear directions on how to reproduce the issue
- Your email address or other relevant contact details (e.g. Telegram ID)
- Your DFI address for receiving the bounty if your submission is approved