
14-08-2024

DOP collaborates with Hacken for robust bug bounty program


Data Ownership Protocol is teaming up with HackenProof to establish a robust bug bounty program for our mainnet — meaning ethical hackers who uncover vulnerabilities can receive generous rewards.

 

HackenProof has established itself as a trusted platform for keeping crypto projects safe, with security issues identified and resolved before they can be exploited by malicious actors.

 

An expert community of more than 32,000 ethical hackers has signed up to showcase their skills, and more than $9.3 million has been paid out in rewards so far.

 

Some of the world’s biggest blockchain brands — including Near, Polygon, TON and Aptos — have also rolled out their bug bounty programs through HackenProof, along with centralized exchanges like OKX and HTX.

 

Hacken has already played a vital role in putting our smart contracts through their paces in a transparent and thorough audit, which was designed to give DOP users confidence that our infrastructure is safe. Its cybersecurity experts awarded our protocol a score of 9.7 out of 10 following their most recent report in May.

 

For DOP, extending this business partnership has been a no-brainer. We’ve long admired Hacken’s reputation, and the immense value its team brings as we build a secure ecosystem that champions selective transparency and data ownership.

 

The fact that HackenProof offers customizable rules means we’ve been able to build a bug bounty program that meets our needs. A professional and honest triage team is in place to assess the reports received, with payments made quickly when vulnerabilities are verified. All this, when coupled with a “hall of fame” that gives talented white hats the recognition they deserve, creates a dynamic environment where hackers and crypto firms can work together to make the industry a safer place.

 

Let’s explore how our bug bounty program will work — and how you can get involved.

Making DOP even more secure

 

Adopting a proactive approach to security is important — in recent years, we’ve all seen how devastating hacks have damaged the reputations of once-trusted businesses, with user funds gone in the blink of an eye.

Our bug bounty program is designed to incentivize ethical (“white hat”) hackers so they’ll alert us to potential vulnerabilities quickly, meaning they can be patched before causing widespread disruption.

 

The rewards on offer will be based on four severity levels, and white hats will be required to provide a proof of concept to receive a payout. 

 

The severity levels are:

 

Critical: Up to $300,000

Vulnerabilities that would result in the direct theft of funds that belong to users or DOP — as well as protocol insolvency and the permanent freezing of funds — fall under the highest severity level.

 

High: Up to $30,000

Smart contract issues that would lead to unclaimed yield being stolen or permanently frozen, or the temporary freezing of funds, have high impact.

 

Medium: Up to $10,000

This severity level relates to vulnerabilities that mean DOP’s smart contract cannot operate because of a lack of token funds — as well as block stuffing for profit, attacks that damage users or the protocol in a non-financial way, and the theft of gas.

 

Low: Up to $1,000

Scenarios within the scope of the bug bounty program here include circumstances in which the contract fails to deliver promised returns, but doesn’t lose value.

 

Ethical hackers will be eligible if they are the first to discover and disclose a previously unreported vulnerability — and provide adequate details so the issue can be reproduced and fixed. Crucially, they will be forbidden from making this flaw public, or exploiting it for financial gain.

 

There are some bugs that are outside the scope of this program. They include issues in third-party contracts or platforms that interact with DOP, as well as vulnerabilities that have already been identified.

 

We also have a few ground rules to bear in mind. Testing can only take place on private mainnets and mainnet forks, and phishing or social engineering attacks against customers and staff are forbidden. Denial-of-service attacks are also not allowed — primarily because we don’t want to cause disruption to users while attempting to prevent disruption.

 

This program offers significant rewards to talented security researchers who contribute meaningfully to enhancing DOP’s security.

 

Better still, this program is live right now. If you’re interested in getting involved, head to the DOP Bug Bounty page on HackenProof to learn more — and start submitting your reports.
