In the lead up to its major network upgrade Stargate, Cosmos (ATOM) has announced a three-month-long bug bounty with double rewards to improve the software’s robustness prior to release.
The key Stargate upgrade will complete the original roadmap laid out in the Cosmos Whitepaper and will include the first implementation of the IBC protocol — which allows Cosmos to connect to other blockchain networks.
According to early contributor Zaki Manian, the Cosmos Stargate testnet is ready to launch, however, the various Cosmos teams would like further test the upgrade “to identify critical bugs that may have made it past engineering and integration testing.”
The team is hoping to avoid a repeat of two incidents in the past year where serious bugs were found in critical components. In July a critical vulnerability in Tendermint’s consensus algorithm was identified by blockchain firm Bluzelle. In October 2019, the Cosmos team discovered another high-severity security vulnerability in the Tendermint Core.
The bug bounty, which will run from today until Dec 31, 2020, has “no maximum program reward,” — that is to say there's no cap on the amount one bug might be worth, nor the number of bugs one can report. Participants will receive a minimum of $5,000 for critical bugs identified, which is double the $2,500 reward in previous bug bounties. The rewards for low, medium and high-risk bugs have also been increased from $100, $500, and $1,000, to $200, $1,000, and $3,000 respectively.
VP of engineering at Cosmos development firm Interchain GmbH, Tess Rinearson, said that, “proactively finding and fixing bugs is a vital part of building strong, resilient blockchain protocols.”
“The release of the Stargate codebase reifies our commitment to the open-source community, with the goal of bringing Cosmos into a new era.”
Hackers and developers will be able to trial the upgrades to the Cosmos SDK, Tendermint Core, Gaia, and Inter Blockchain Communication (IBC) codebases. Cosmos is hoping to identify bugs in more than a dozen different categories, including memory allocation bugs, information leaks, authentication bypasses, denial of service vectors, and stolen funds.
Each report will be evaluated and rated at the discretion of blockchain security team Trail of Bits, who will consider the bug’s likelihood and possible impact of exploitation, and the quality of the reports submitted.
Security vulnerabilities continue to plague even the most mature of blockchains with a new Bitcoin (BTC) Lightning network vulnerability discovered today. In the past year, hackers have exposed vulnerabilities in DeFi products through price feed, oracle manipulation, ERC-777 vulnerabilities, and smart contract failures.