In the light of the recent events, we have decided to launch a bug bounty to help audit our software.
For the start, the following pieces of software are part of this program:
Arionum node - https://github.com/arionum/node
LightWalletCLI - https://github.com/arionum/lightWalletCLI
LightWalletGUI - https://github.com/arionum/lightWalletGUI
We are looking for any vulnerability that can be done remotely and that can result in stolen coins, compromised servers, blockchain manipulation, badly implemented cryptography, key collisions etc.
The bounties are offered based on the severity of the vulnerability, start at 100$ and go up to 2000$ for a critical vulnerability. The payment is sent in bitcoin.
The reports should offer a proof of work and we must be able to replicate it.
We are not looking for xss, csrf, dll hijacking or vulnerabilities in other pieces of software (ex: web browsers).
Please contact us privately with the vulnerabilities so we have time to patch things up before the public release. Either here or on discord, @AroDev
The bounties are offered by the Arionum Developers, please do not abuse the bug bounty program. The total budget for this program is 5.000 USD.