Tron has a new bug bounty program that seems to be eventually paying off. Since it was launched at the end of May, Tron handed out $25,000 to ethical hackers who discovered flaws on its new blockchain, says HackerOne.
Now, the platform is offering $50,000, $10,000 and $6,000 and these amounts are based on the severity of the bugs that will be found.
Tron offers bounties for bugs of high, critical and medium severity
Critical bugs are worth $50,000 and include bugs which can take control of java-tron nodes by remote execution of any code and bugs which can lead to private key leakage.
High severity bugs are worth $10,000 and these include bugs which can incur Denial of Service (DoS) in java-tron through P2P network and bugs which can incur Denial of Service (DoS) in java-tron through RPC-API.
Medium severity bugs are worth $6,000 and these include bugs which can incur Denial of Service (DoS) in java-tron through TRON Protocol and bugs that are allowing unauthorized operations on user accounts.
More than that, hackers who will be able to find low priority bugs will be able to earn $100.
For the moment, only the bugs that are found in the java-tron code repositories are eligible for the bounties that we have mentioned above.
The problems that involve tronscan.org, tron.network and tronlab.com will not be eligible for any bounties, but still, Tron is encouraging people to report any kind of issues that they might run into.
#TRON Bug Bounty Program with a highest reward of USD$10 million. We take the security of #TRON mainnet very seriously. If you have made an important discovery of potential bugs, please contact us and join the TRON Bug Bounty Program🔉 #TRX $TRX https://t.co/e399Z4TZBw pic.twitter.com/JRyVnTtb9J
— Justin Sun (@justinsuntron) June 1, 2018
How to report bugs to the Tron team
In order to report any bugs that you might have found, all you have to do is contact the Tron team via HackerOne and include the following elements:
- The source of the bug – for example, tronprotocol/java-tron and so on
- Your personal classification of the severity of the bug – medium/high/critical
- A summary of the bug
- A detailed description of the bug
- Instructions to recreate the bug
- Other additional materials such as proof of concepts, source code, screenshots or logs
You can learn more about The Tron Bug Bounty Program here.