The Tron (TRX) Foundation had a Mainnet Bug Bounty program aimed at rewarding developers who discovered potential technical vulnerabilities in the Tron Mainnet. Through this project, the Tron Foundation was hoping to attract global leaders in network security so as to sustain the Tron mainnet and make it the most secure and stable public blockchain in the industry. This would in turn make the future DApps created on the platform more stable and secure for their users.
It is against this background that the results of the June GitHub Bug Bounty have been announced by the Tron Foundation via their medium.com page. Five developers have been awarded a total of $25,000 with individual prizes as follows:
However, June was the last month in which the Bug Bounty was handled directly by the Tron Foundation. There is a new bug bounty program being run by HackerOne which is completely different from the initial Mainnet Bug Bounty program that had an upper cap of $10 million. This new program is effective immediately.
The new GitHub Bug Bounty program has four categories for bugs with the following corresponding rewards:
- Critical – $10,000. This includes bugs that can take control of Java-Tron nodes by remote execution and bugs that lead to private key leakage.
- High – $6,000. Bugs which can cause Denial of Service (DoS) in Java-Tron through the peer-to-peer network or through the RPC-API.
- Medium – $3,000. Bugs which can cause Denial of Service (DoS) in Java-Tron through the Tron Protocol and bugs that allow unauthorized operations on user accounts.
- Low – $100
The Tron Foundation will make an effort to respond to initial reports of bugs within 2 days. They will then gauge the level of seriousness of the vulnerability and respond within another 2 days. Valid bug bounties will then be disbursed 14 days after the bug has been categorized.
The Tron Foundation encourages everyone to participate in the new HackerOne Bug Bounty program through the following statement:
We highly welcome everyone to participate in the HackerOne Bug Bounty. For details of the program, please see: