Ahead of the upcoming release of smart contracts, the Cardano Foundation has set up a bug bounty program with HackerOne. The program is intended to uncover potential vulnerabilities in the network.
White hat hackers are invited to attack the Cardano chain, and those who find weak points are rewarded. In the Cardano reward program, the bounties are divided into four levels according to severity: low, medium, high and critical.
Bugs sought in node and wallet
The program is looking for bugs in the Cardano Wallet or the Cardano Node. Issues rated as low in impact are rewarded with amounts between $200 and $300. The highest reward, of up to $10,000, is earmarked for finding critical errors in the node. All rewards are paid out in ADA, the Cardano token.
Jeremy Firster, Project Manager at the Cardano Foundation, on the need for the bug bounty program:
“Cardano is a leading blockchain ecosystem that aims to enable integrated blockchain solutions worldwide. It is our duty to maintain the highest standards and commitment to code transparency and reliability to ensure that the protocol remains viable for mission-critical applications deployed by individuals, startups, corporations, financial institutions and governments around the world.”
HackerOne has a solid track record. The company has already served over 2,400 customers with its large community of ethical hackers, who have found and reported more than 240,000 security vulnerabilities.
Cardano is currently the third largest cryptocurrency by market capitalization. The Alonzo Hard Fork Combinator event is on the agenda for September 12th. The update introduces the long-awaited smart contracts that should make Cardano a major Ethereum competitor. Cardano wants to claim a large slice of the DeFi market, and the NFT market could also benefit from alternatives. Unaddressed security vulnerabilities would be bad for business.
So far, the Cardano developers have been using automated scanners to look for weak points. However, these detect only security gaps that are not very complex. Complex, interconnected vulnerabilities require a professional search by qualified hackers. All major software houses have now introduced corresponding bug bounty programs. Google, for example, recently overhauled its program completely.