Shardeum Launches Bug Bounty with $700K Boosts on Immunefi

Shardeum has launched Bug Bounty program with special boosts on Immunefi to help secure the codebase, and further its mission of onboarding over a billion people to Web3.

Shardeum recognizes the need to invest in security throughout the entire development lifecycle — which is exactly where Immunefi’s boosts come in. Boosts are time-bound, crowd-sourced security audits conducted at every development milestone. They involve top-tier blockchain security researchers with a proven record. Boosts help harden code post-audit, at testnet, or even before launching a mainnet bug bounty. They surface critical reports in real-time as the program runs, enabling projects to mitigate vulnerabilities without waiting for long audits to finish, which maximizes their speed to launch.

Shardeum partnered with Immunefi because of their track record and dedicated community of security experts.

🔐 Bug Bounty Program Launch: July 8, 2024 at 6:00 AM UTC
🔐 Program End Date: August 14, 2024

Shardeum is offering two tiers of Boosts on Immunefi: Core and Ancillaries.

The Core Boost

The Core Boost will focus on the Web3 elements of the project, encompassing three key components and select internal libraries: Shardus Core, Shardeum Validator, and the Crypto Utils library. Shardus Core covers the Layer 1, p2p and consensus protocol. Shardeum Validator is the L2 EVM-compatible distributed application (Dapp). Everything here except smart contracts is in scope. Finally, the crypto utils library holds wrappers for cryptographic functions used throughout the Shardeum Foundation codebase.

This boost offers reward up to $500,000 for critical vulnerabilities identified. The code is largely written in TypeScript, and the boost is ideal for elite white hats specializing in large validator and server-like competitions.

🔼 Total Reward Pool: $500,000 USD
🔼 Target Participants: Elite White Hat Hackers
🔼 Technology Focus: TypeScript-based blockchain/DLT codebase
🔼 Codebase Covers (3): Shardus Core, Shardeum Validator, and the Crypto Utils library

Ancillaries Boost

In addition to the Core Boost, Shardeum is also launching the Ancillaries Boost, offering rewards of up to $200,000. This boost will cover the Web2 aspects of the project, encompassing seven components: Validator GUI, Validator CLI, Archiver, Explorer, Distributor/Collector libraries, RPC, and Shardus-Net networking code.

The Validator GUI is the website that optionally runs on each node. This allows node operators including Web3 beginners to interact with their nodes easily via a webpage available on the internet. The Validator CLI is the command line tool used to administer the node. The GUI calls commands in the CLI, or the operator can enter the commands manually. The Archive Server’s primary role is to hold the historical state of the network and accounts. Once the network has consensed on a state change, that information is saved to archive servers. The Explorer serves a similar function to https://etherscan.io/. The relayer consists of two parts: collector and distributor. These two components work together to shuffle data between ancillaries, namely the archiver servers, RPC servers, and explorer. The RPC server acts as an API, allowing users to interact with the network and inject transactions. It is designed to be as compliant as possible with Ethereum’s RPC specification, though some differences exist. Finally, lib-net is the bottom level networking library for the Shardeum network. It is written in a mix of Rust and TypeScript.

This competition opens the door to a broader range of security researchers, including those specializing in traditional web applications. This is the first boost on Immunefi specifically focused on Web2 code.

🔼 Total Reward Pool: $200,000 USD
🔼 Target Participants: Web2 Security Researchers/Experts
🔼 Technology Focus: Rust and TypeScript based Web2 codebase
🔼 Codebase Covers (7): Validator GUI, Validator CLI, Archiver, Explorer, Distributor/Collector libraries, RPC, and Shardus-Net networking code 

Join Shardeum Bug Bounty

For more information about Shardeum’s bug bounty, and to participate, please visit the Shardeum boosts page on Immunefi by clicking the links below. Join us in making the Web3 ecosystem safer and more secure for everyone in return for exciting rewards!

When the Boost has ended, Immunefi will publish an event-specific leaderboard, as well as bug reports from the event.

---