Did you Know: What’s a Bug Bounty Program?

SPR

30 September 2021

A bug bounty program invites outside reviewers to inspect protocol code and rewards them when they find and report bugs. Code and product quality can be improved significantly by this kind of swarm intelligence. That is one reason MOBIX stands on a solid foundation: it leverages the Fetch.ai blockchain, which has been through such a program.

Even the best developers make mistakes. In order to gradually eliminate the resulting bugs, a good solution is to motivate numerous competent inspectors to search through the protocol code and identify weak spots. Such vulnerabilities may be lucrative for blackhat hackers, so it is important to create appropriate incentives for whitehat inspectors to work as thoroughly as possible. Considering the follow-up costs that programming errors can cause, this is often a very sensible investment.

Bug bounty programs are open to the public for this purpose, in order to recruit as many technically skilled inspectors as possible for the bug hunt. Under the so-called "Full Disclosure" model, the bugs are documented completely publicly, while in the "Responsible Disclosure" model only the originator of the code is informed about the bugs for a limited time, so that they have enough time to solve the problem before details become public. Responsible Disclosure is usually used when the bug concerns a severe vulnerability in a live system that has not yet been exploited by attackers. One such case was the Zcash counterfeiting bug discovered by the Electric Coin Co. in 2019.

Our partner Fetch.ai launched a bug bounty program which ran from mid-2019 until the recent migration to the mainnet, which took place on 20 September 2021. There was a public call to inspect the code in Fetch.ai's GitHub ledger repository and to report bugs as GitHub issues, classified from critical to low risk level. Depending on the severity of the bug, a reward of up to $10,000 in FET was available.

We mention this because our latest project, MOBIX, is deployed to the Fetch.ai blockchain. In essence, we are able to leverage both the Cosmos SDK and Fetch.ai as a foundation for MOBIX. Thanks to the bug bounties run by Fetch.ai and by the Interchain Foundation to assure code quality, the chances of any kind of problem are significantly reduced.