Aiming to identify vulnerabilities and augment security, the Push DAO ratifies a new Bug Bounty Program to involve the wider community.
In a move to strengthen the security of its decentralized communication platform, Push Protocol has officially launched a Bug Bounty Program. This initiative, ratified by the Push DAO, invites security researchers and community members to discover and report vulnerabilities, fostering community participation and enhancing the platform's overall security.
The program's streamlined process consists of three steps:
- Security researchers submit their findings through the official form.
- Designated Push team members review and analyze the reported vulnerabilities, classifying them based on severity.
- Within one week, the Push team follows up with the reporter to provide the results.
Vulnerabilities are categorized according to four levels of severity:
- Critical Issues – those that have a serious, immediate impact on the protocol's functioning and could affect numerous users.
- High Issues – those that pose severe risks to individual users or Push's partners.
- Medium Issues – those with relatively small risks that do not jeopardize users or protocols interacting with Push.
- Low/Informational Issues – those that do not pose an immediate risk but are relevant to security best practices.
Rewards are determined by both the classification of a bug's severity and the likelihood of its being triggered or exploited, as assessed by the Push Protocol team.
To be eligible for a reward, participants must fulfill specific criteria, including being the first to disclose a unique vulnerability, providing adequate information for engineers to reproduce and resolve the issue, and refraining from exploiting or publicizing the vulnerability. Participants must be at least 18 years of age and not current or former Push team members, vendors, or contractors who have been involved in the development of the code in question.
Administered in three-month epochs, the Push DAO Bug Bounty Program's fund allocation may fluctuate with market conditions. Nevertheless, the Push DAO remains committed to providing funding for rewards to encourage contributors.
The Bug Bounty Program is the latest addition to Push Protocol's ongoing efforts to engage and nurture community involvement. While the program leverages the collective expertise of the community to enhance platform security, it also faces potential hurdles such as ensuring consistent reporting and expertise among participants, as well as maintaining long-term sustainability and funding. Ultimately, striking the right balance will determine the success of this initiative in creating a more secure and robust decentralized communication platform.