Starcoin Blockchain Security Bounty plan

Starcoin
Mar 18, 2021


The Starcoin blockchain mainnet will soon go live, and we are launching a security bounty plan that will run from March 15, 2021 to April 15, 2021. We hope to unite security researchers from the global community to continuously enhance Starcoin system security by examining potential vulnerabilities in the Starcoin blockchain test network. The end of the event will also kick off the Starcoin mainnet.

Starcoin is a new-generation layered smart contract and distributed finance network that aims to provide a secure platform for digital assets and decentralized financial operations, allowing blockchain to be applied in more areas with lower barriers. It has the following features:

  • Enhanced Satoshi Nakamoto consensus protocol to maximize throughput while ensuring security
  • Flexible decentralized on-chain governance system to ensure the chain’s continuous evolution capability
  • New generation of smart contract programming language Move, virtual machine and standard library for asset-oriented programming
  • Layered network model in which layer one and layer two work together to solve blockchain scalability challenges

Time: 2021.3.24–2021.4.24
Participation portal: Starcoin GitHub
Security issue submission: Starcoin GitHub issue

Bounty Description:

Participation award:
Every user who submits one bug or more within the promotion period will receive a Starcoin mining rig worth thousands of yuan. Each user can only receive one rig.

L0: 5,000U+5,000STC
The security issue requires a hard fork to resolve.

L1: 2,500U+2,500STC
The security issue affects most nodes across the network and requires them to update to a new version.

L2: 500U+500STC
The security issue affects a single node and requires that node to update to a new version.

Security issues description:
Including but not limited to:

Consensus attacks

  1. Network-wide halted or slow block production: fewer than 100 blocks in 2 hours. L1/L2
  2. Transactions cannot be included in blocks network-wide: more than 100 empty blocks within 2 hours. L1/L2
  3. Successful double spend without a 51% attack. L0

Node/p2p network attacks

  1. The node is put into an abnormal state through network message broadcast, protocol attack, etc. The abnormal state is determined by:
     • The node exits abnormally. L2
     • The node is unable to broadcast transactions and new blocks to the network.
     • The node is unable to synchronize to the consensus block, syncs slowly, or syncs incorrect blocks. L2
     • The node cannot produce blocks or receive/execute transactions, for reasons other than PoW hash power. L2
     • The node has abnormal memory/CPU usage. L2
     • Manually judged cases not listed above that also cause node anomalies or hangs ("fake deaths"). L2
  2. The above attacks can automatically mass-infect other nodes in the network. L1

Account attack

  1. Successfully steal the private_key or password of the account. L2
  2. Successfully steal the node’s node_key. L2
  3. Successfully construct a fake signature. L2

Smart contract attack

  1. Successfully modify an account resource without access rights, e.g. transfer Starcoin out of the account. L0/L1
  2. Censorship attack that successfully thwarts a majority challenge within a time window, e.g. bypassing a vote to modify the configuration of a contract. L0/L1
  3. Fake recharge. L0
  4. Disrupting Starcoin’s financial system, e.g. by issuing additional tokens. L0

Plan description:

  • This plan is available only for Starcoin.
  • Must be submitted on the official Starcoin page, describing the work done and the steps to reproduce the issue.
  • If multiple people report a similar issue, only the first to submit will be rewarded.
  • The prize (USDT/STC) will be paid within one month after the Starcoin mainnet goes online.
  • The final right to explain this plan belongs to Starcoin.
