Rooch Network Bug Bounty Phase II Results Announcement

The second phase of Rooch Network’s one-month Bug Bounty program has successfully concluded! We sincerely thank all the developers and security experts who participated in this event. Your support and contributions have made Rooch Network’s pre-mainnet operations safer and more robust. Below are the detailed results of this round of the Bug Bounty program:

Vulnerability Details

A total of 4 valid vulnerabilities were identified in this round, including 2 high-severity issues and 2 medium-severity issues, as detailed below:

High Severity Vulnerabilities:

  1. Querying multiple identical objects simultaneously leading to rapid memory exhaustion

    Reported by: m4sterchain

  2. Excessive objects in bytecode causing process memory exhaustion

    Reported by: m4sterchain

Medium Severity Vulnerabilities:

  1. Incorrect value updates causing inconsistent states in grow_information.move

    Reported by: nathanogaga118

  2. Passing an oversized maxInactiveInterval causing integer overflow

    Reported by: baicaiyihao

Details of the reports, including IDs and GitHub profiles, are available here: 👉 Bug Bounty Phase 2 Details

Rewards Distribution

According to the Bug Bounty Phase 2 Rules, rewards will be distributed during the TGE (Token Generation Event). The total reward pool is 12,000 U worth of Rooch Tokens, distributed as follows:

| Reporter | Vulnerability Type | Rewards |
| --- | --- | --- |
| m4sterchain | High Severity * 2 | 10,000 U Rooch Tokens |
| nathanogaga118 | Medium Severity * 1 | 1,000 U Rooch Tokens |
| baicaiyihao | Medium Severity * 1 | 1,000 U Rooch Tokens |

Concluding Words

This Bug Bounty round has significantly enhanced the security of Rooch Network and reaffirmed our commitment to developing alongside the community. Moving forward, we will continue to improve network performance and launch more Bug Bounty programs, working together with developers to create a stronger Bitcoin ecosystem.

We extend our heartfelt thanks to all contributors and supporters for your efforts and trust! Let’s continue building a more secure and efficient Rooch Network together.