Solana Foundation Offers $400k Bounty for Critical Code Discovery

blockchain.news:

The Solana Foundation is offering a monetary reward of $400,000 to anyone who can identify a code that could potentially halt the Solana network, as revealed by Jacob Creech, Head of Developer Relations at Solana. The announcement came through Creech's Twitter post on 13th October 2023. The bounty is part of Solana's bug bounty program aimed at discovering and rectifying critical vulnerabilities to ensure the network's robustness and security.

Bounty for Liveness Loss

The specific bounty of $400,000 is categorized under «Liveness / Loss of Availability» in Solana's Security Bug Bounties program, which covers incidents where consensus halts and requires human intervention including eclipse attacks, remote attacks partitioning the network. The reward is paid in locked SOL tokens with a lockup period of 12 months.

Reporting and Response Process

Solana has a well-defined process for reporting, reviewing, and addressing security issues. Individuals discovering a potential vulnerability are instructed to report it through a designated «Report a Vulnerability» link rather than creating a GitHub issue. The Solana Labs team typically responds within 72 hours, following which a triage and fix preparation process ensues. Once a fix is ready, it's communicated to the network validators using the «Solana Red Alert» notification system, ensuring a coordinated effort to address the vulnerability.

Besides the aforementioned category, Solana's bug bounty program includes other categories like «Loss of Funds,» «Consensus/Safety Violations,» and «DoS Attacks,» with rewards ranging from $100,000 to $2,000,000. These bounties reflect Solana's commitment to maintaining a secure and reliable blockchain network by incentivizing the