mehowz
Growth hacking the new L1 which @SatoshisL1 Nakamoto would've built. Economist turned product/market-fit designer/architect/performance marketer.

Sep 18, 2020, 9 tweets

💰 Bounty: Break @thorchain_org to Earn an Attack Bounty

You need to:

a) Bring down the THORChain network (halt/kill).
b) Steal funds from vaults.
c) Cause funds to be lost.

* DDoS vectors aren't included at the moment but may be later.

2/ The network is currently operating in 2 states:

a) TestNet with real nodes but fake bonds.
b) ChaosNet with real nodes, real bonds and real assets on ChaosNet BEPswap.

^ Both are running the same code. Testing must be done on the TestNet.

3/ You may set up a TestNet #THORNode by using their official documentation:

docs.thorchain.org/thornodes/over…

4/ You may attempt to identify vulnerabilities by digging into THORNode code:

gitlab.com/thorchain/thor…

5/ and performing the following:

a) Code review and live testing on TestNet.
b) Review an existing vulnerability recently found; it gives a good example of the type of work that's involved:

medium.com/thorchain/issu…

6/ ^ There was a code path that refunded the bond without actually removing the bond. Here's another discussion related to it:

t.me/thorchain_dev/…

7/ Compensation via:

a) Per-bounty / bug uncovered.
b) If you have a team that performs such work, please send a proposal to the THORChain team via Telegram/

Join the channel in order to begin interacting with the team, node operators and developers:

t.me/thorchain_dev

8/ Contact Chad, Leena or Kai in the Telegram channel for more information re: attack bounties.

9/ What's THORChain? Read this starter pack:
