White Hat Security Activity Plan

Background: Given the issues encountered by io.net, we realized that the presence of security vulnerabilities could pose significant risks. To ensure and verify the security and stability of our system, we have decided to initiate the DSC White Hat Security Activity. We invite security experts, researchers, and users to participate in testing, discovering, and reporting potential security vulnerabilities, and to work together to resolve these issues.

Objectives:

  • Identify and report security vulnerabilities within the system, including but not limited to authentication issues and data leakage risks.

  • Increase the team's awareness and prioritization of system security.

  • Optimize security measures to enhance the overall security level of the system and boost user confidence in participation.

Activity Details:

  • Reward Program: Establish a reward system, assigning token rewards for different levels of vulnerabilities, with prompt issuance following confirmation of the vulnerability reports.

  • Funding: 1% of the DSC Ecosystem Development Fund (20%) will be allocated for DSC security maintenance and white hat security rewards.

  • Reward Levels:

    • Critical: Major vulnerabilities that directly threaten system integrity, data security, or availability, such as remote code execution and comprehensive data leaks.

    • High: Vulnerabilities that significantly affect system functionality but do not directly threaten overall system security, such as limited data leaks and permission bypass.

    • Medium: Vulnerabilities with lesser impact that are more challenging to exploit, such as Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF).

    • Low: Vulnerabilities with minor impact, or that require very specific conditions to exploit, such as information leaks and API misuse.

  • Reward Distribution Rules:

    • Verification: All reported vulnerabilities must be verified by the team to confirm the reward level and amount.

    • Timeliness: Once a vulnerability report is confirmed, rewards should be issued within one week to the reporter's designated account.

    • Fairness: If multiple reports are submitted for the same vulnerability, the reward will be granted to the first submitter.

    • Transparency: All valid vulnerability reports and their rewards will be publicly disclosed within the community to ensure an open and transparent process.

  • Special Incentives:

    • Annual Security Ambassador: The most outstanding white hat hacker of the year will be awarded the title of "Annual Security Ambassador," receiving special rewards, such as 30,000 DSC Tokens, and VIP treatment at next year’s DSC Security Conference.

  • Testing Scope: Focus on testing core system functionalities and common interfaces during the activity, with particular attention to user authentication, data transmission, and device linking.

  • Testing Environment: Provide a dedicated testing environment to ensure that participants can test vulnerabilities safely without impacting the production system.

  • Testing Guide: Provide detailed testing guidelines, including methods for discovering vulnerabilities and requirements for report formatting, to ensure the accuracy and consistency of vulnerability reports.

  • Reporting Channels: Establish secure channels for reporting vulnerabilities, ensuring that participants can report discovered vulnerabilities safely and confidentially.

  • Review and Rewards: Regularly review received vulnerability reports, confirm their validity and severity, and promptly issue corresponding Token rewards to participants.

  • Improvement Measures: Based on vulnerability reports and test results, promptly improve the system’s security measures and defense mechanisms to enhance overall system security.

  • Participation Method: Register through the development test registration submission portal on the official website, where users can apply for beta testing qualifications through Gmail submissions.

Timeline:

  • Activity Duration: The activity is expected to last for 4 weeks from the start to the end of testing.

  • Reward Distribution: Rewards are issued promptly after confirmation of vulnerability reports, with final reward distribution and public recognition occurring within one week after the end of the activity period.

Expected Outcomes:

  • Raise the team’s awareness and prioritization of system security, ensuring the safety and stability of the system, and providing more secure and reliable services for users.

  • Discover and resolve existing security vulnerabilities in the system, enhancing the overall security level.

  • Encourage more security experts, researchers, and users to participate in future security activities.
