Incentivized Testnet Bug Bounty Program
As part of the Pocket Incentivized Testnet, Pocket is also announcing our first bug bounty program. Participants will have the opportunity to earn POKT for identifying bugs in the network, to help ensure the security of the test network. Bug bounty participants can earn rewards in proportion to the severity of the bugs discovered, by identifying and reporting the bugs to the team. The testnet bug bounty program will run over the entire course of the incentivized testnet. To report a bug, participants must send an email to security@pokt.network with the details of the bug.
The bug bounty program will use the OWASP risk rating model to determine the threat level of the bug.
Bug Bounty 20% — Up to 5m POKT
- Low Severity — 12.5k POKT
- Medium Risk — 25k POKT
- High Risk — 50k POKT
- Critical Risk — 125k POKT
Examples of Critical Risk Bugs:
- Zero-knowledge range proof
- Merkle sum tree
- Inflation attacks
- Collusion attacks
The goal of the bug bounty is to prioritize critical attacks that could fundamentally impact the network, node operators and the applications running on the network. Submitting bugs anonymously or with a pseudonym is fine, however, in order to be eligible for the bug bounty rewards paid in crypto, we require your real name and proof of your identity.
Legal Disclaimer
The Pocket Network bug bounty is a discretionary rewards program for members of the Pocket community to encourage and reward those who are helping to improve the security of the network. You should know that the program can be cancelled at any time, and awards are at the sole discretion of Pocket Inc. In addition, we are not able to issue rewards to individuals who are on sanctions lists or who are in countries on sanctions lists. You are responsible for all taxes. All awards are subject to applicable law. Finally, your testing must not violate any law or compromise any data that is not yours.
Bounty Repos
Resources
Join Incentivized Testnet
Connect with Pocket
