Blockchain technology is appreciated for resistance and increased reliability. However, distributed registries is not free from flaws. Just this week EOS, TRON, Monero and Augur paid $500 24 “ethical hackers”, which revealed problems in them.
According to the HackerOne website, just security experts have discovered seven weaknesses in TRON, two in EOS and one in Monero and Augur. Unfortunately, most reports are not available to the public, so it is difficult to judge how serious the problems identified.
However, the following is known: the greatest generosity was shown EOS, a reward of $12 500. In second place TRON Justin Sana (of$7000), the third — Augur ($5000). Monero chose not to specify the size of their incentive awards.
Augur is the only company that decided to provide the public with detailed information about the vulnerabilities. As reported by its representatives, the bug gave attackers the ability to manipulate the price of “gas” to air and to inflate the amount of fees needed to create a platform for new markets.
Augur has already fixed this vulnerability. The company launched a bounty program for finding vulnerabilities in April, highlighting her $50 000. Since then, the Fund was increased to $200,000. Report Edgar first, which the company considered contains data about the vulnerability a “high severity”. For his discovery specialist received $5000. Until yesterday, the company has paid only two of the bonus $100.
In comparison with Augur EOS has extensive experience bonuses. Starting in may, program status reporting protection system, the company has paid more than $300,000 for more than 40 vulnerabilities. Recently, the Dutch “white hacker” Guido Vranken received more than $120,000 for detected vulnerabilities reported by EOS. He expressed concern about the fact that in the weeks that followed, researchers continued to identify system weak points (under other issues EOS).
Although vulnerability is always bad, bounty programs to encourage hackers to show awareness and reporting bugs to companies and not to exploit weaknesses for financial gain. This is especially important in blockchain-based networks, where the recorded data is by definition immutable (in most cases). It is very likely that many codes blockchain projects contain security vulnerabilities, however, the “white hackers” too little time to explore them all, so try to encourage them through bounty programs.
The most striking example can be called Coinbase, which recently paid $10,000 for dealing with cyber security company that has discovered a vulnerability in the platform. Theoretically, the vulnerability could give attackers virtually unlimited number of ETH. This episode illustrates the importance of bounty programs.
Source
