One Could Win $1 Million By Finding 100 ‘Critical’ Bugs in Libra
Facebook is offering thousands of dollars as a reward for those testers who find bugs in its upcoming Libra cryptocurrency.
Libra Invites Your Security and Privacy Review of its Architecture and Design
Facebook envisages empowering billions of people all over the world through its single global ‘cryptocurrency’, Libra. It will be supported by a simple financial infrastructure.
The social media giant plans to release the digital asset in 2020. But before its release, its engineers and developers want to ensure that the cryptocurrency will run on a secure, scalable, and reliable blockchain.
Indeed, the Libra team claims to have already created such a blockchain “to prioritize scalability, security, efficiency in storage and throughput, and future adaptability.”
Now, Libra Core testnet is available for testing purposes. Libra Core is the software that maintains the Libra cryptocurrency.
On August 22, 2019, the team announced the Bounty Program. It calls for volunteers to test the system and try to find bugs or issues. According to the announcement,
“In the meantime, this project is at an early prototype stage. Please let us know what you think. We are especially interested in your review of the security and privacy architecture and design as well as — of course — your bug reports.”
Moreover, the team underlines that the testnet uses a cryptocurrency with no real-world value.
Testers Can Make Up to $10,000 per Bug Discovered
Under the Libra Bounty Program terms, the Libra team encourages volunteers to let the Libra Association know as soon as they find a security vulnerability in any software or on any Libra-related application.
Then, the Libra Association will perform reviews on a case-by-case basis to determine the severity of the bug or issue reported. Next, the Association will determine the reward amounts “based on a variety of factors, including (but not limited to), impact, ease of exploitation, and quality of the report.”
Thus, depending on the bug’s severity, the individual who reported it might receive a bounty of between $500 and $10,000. Specifically, the scale of the bounty is as follows:
• Critical: $10,000
• High: $5,000
• Medium: $1,500
• Low: $500
Security areas of concern include forks, transaction tampering, block tampering, and validator compromise. In addition, the team encourages testers to review issues related to denial-of-service and double-spending.
Similarly, the team welcomes assessments and identification of risks and flaws in the general security of the Libra Blockchain. In this regard, some of the areas of concern include design or architecture, smart contracts, and transactions.
So, if you believe you have the skills, you are welcome to start testing Libra now.