Cosmos doubles 'Stargate' bug bounty rewards to avoid repeating past mistakes

Published at: Oct. 9, 2020

In the lead-up to its major network upgrade Stargate, Cosmos (ATOM) has announced a three-month-long bug bounty with double rewards to improve the software’s robustness prior to release.

The key Stargate upgrade will complete the original roadmap laid out in the Cosmos Whitepaper and will include the first implementation of the IBC protocol — which allows Cosmos to connect to other blockchain networks.

According to early contributor Zaki Manian, the Cosmos Stargate testnet is ready to launch. However, the various Cosmos teams would like to further test the upgrade “to identify critical bugs that may have made it past engineering and integration testing.”

The team is hoping to avoid a repeat of two incidents in the past year where serious bugs were found in critical components. In July a critical vulnerability in Tendermint’s consensus algorithm was identified by blockchain firm Bluzelle. In October 2019, the Cosmos team discovered another high-severity security vulnerability in the Tendermint Core.

The bug bounty, which will run from today until Dec. 31, 2020, has “no maximum program reward”: there is no cap on the amount one bug might be worth, nor on the number of bugs one can report. Participants will receive a minimum of $5,000 for critical bugs identified, which is double the $2,500 reward in previous bug bounties. The rewards for low, medium and high-risk bugs have also been increased from $100, $500, and $1,000, to $200, $1,000, and $3,000 respectively.

VP of engineering at Cosmos development firm Interchain GmbH, Tess Rinearson, said that, “proactively finding and fixing bugs is a vital part of building strong, resilient blockchain protocols.”

“The release of the Stargate codebase reifies our commitment to the open-source community, with the goal of bringing Cosmos into a new era.”

Hackers and developers will be able to trial the upgrades to the Cosmos SDK, Tendermint Core, Gaia, and Inter Blockchain Communication (IBC) codebases. Cosmos is hoping to identify bugs in more than a dozen different categories, including memory allocation bugs, information leaks, authentication bypasses, denial of service vectors, and stolen funds.

Each report will be evaluated and rated at the discretion of blockchain security team Trail of Bits, who will consider the bug’s likelihood and possible impact of exploitation, and the quality of the reports submitted.

Security vulnerabilities continue to plague even the most mature of blockchains, with a new Bitcoin (BTC) Lightning network vulnerability discovered today. In the past year, hackers have exposed vulnerabilities in DeFi products through price feed, oracle manipulation, ERC-777 vulnerabilities, and smart contract failures.
