Walrus Bug Bounty Program Goes Live

Walrus is launching the Walrus Bug Bounty Program to identify and resolve potential bugs across its decentralized storage platform. This program invites security researchers and developers to contribute to the safety and robustness of Walrus.

Key Areas in Scope

The Walrus Bug Bounty Program focuses on the most crucial elements that impact how users interact with Walrus along with the underlying core components and incentives. Submissions in the following areas are considered in scope:

• Smart contracts & onchain logic: This includes areas such as blob registration, resource management, shard migration, and governance.
• Core protocol components: This includes the "Red Stuff" erasure coding mechanisms and availability certificate processes.
• Public API interfaces: This includes protecting aggregator and publisher APIs from denial-of-service (DoS) attacks.
• Economic & incentive mechanisms: This includes ensuring correct fee payments and preventing zero-cost storage exploits.

Exclusions

Everything else is considered out of scope for this program and will not be eligible for rewards, including:

• Network-layer DoS attacks without lasting impact.
• Vulnerabilities in third-party systems.
• Theoretical impacts without proof of concept.
• Non-technical attacks.

Submissions

Submissions are managed through HackenProof, with qualifying submissions eligibleable to earn up to $100,000 (see the HackenProof page for more details). A particular emphasis will be placed on submissions that discover bugs related to Walrus’s economic model or data integrity.

Conclusion

The Walrus Bug Bounty Program helps ensure the Walrus protocol remains robust as Walrus Mainnet rolls out and edge-cases are explored. As the network grows, input from the security community can play a key role in strengthening the protocol and supporting its long term success.

‍