Keeping in mind their focus towards security on the Tron [TRX] blockchain, Tron Foundation has announced a bug bounty program on Hackerone. The program offers rewards of up to $10000 for critical issues, with the program aimed at discovering “potential technical vulnerabilities” in the mainnet.
Tron aims to achieve this using the help of the Tronics, with the Foundation calling out members who “specialize in global network security”. Moreover, the program is in order to sustain the mainnet as the “most secure public blockchain in the industry”.
Critical bugs found on the mainnet include bugs that can take control of nodes on the network by the remote execution of any code on the network. Another bug in this category are bugs that can lead to the leakage of users’ private keys. These have a bounty of $10,000, which are set to be paid out 14 business days post the submission of the report.
High threat level bugs include bugs that can incur Denial of Service on P2P networks or the RPC API, and provide a bounty of $6000. The medium threat level bugs are those that can incur a Denial of Service through the Tron protocol, along with bugs that allow unauthorized operations on user accounts.
The listing also mentioned a list of bugs that are off limits, which include clickjacking on pages with no sensitive actions, man in the middle attacks, root level access attacks, CSV injections, and content spoofing and text injection issues.
Hackerone remains as the platform with the highest amount of bounty finders and ethical hackers, thus contributing to the overall security of the Tron network.