[~2,000 USD] DDOS a validator node to prevent it to propose/sign blocks (BINGO)

[gizemcakil]

About The Bounty

Please carefully review the competition terms and submission process before starting. https://github.com/harmony-one/harmony-open/blob/master/README.md

Description

This is an open ended bounty to identify exploitation areas, specifically related to preventing a validator node from proposing and/or signing blocks by DDOS like attacks. OOM, MiTM and eclipse attacks will be considered under this bounty.

Useful readings:

• The Definitive Guide to Harmony Open Staking
• Basic node and staking definitions
• Node setup documentation

Prizes

There are two tiers of prizes for this bounty. The prize tier for each submission will be evaluated and decided by the Harmony engineering team. The judging criteria for tiers are:

• Criticality of the exploits
• How easy/complex it is to recreate
• Level of research and analysis done by the reporter
• Relationship to existing bugs (derivatives of known issues are not likely to be eligible for prizes)

IMPORTANT NOTE: The prizes will be paid in native ONE tokens, the fiat value of prizes will change with token prices.

Explore All Bounties

https://gitcoin.co/profile/harmony-one

[sophoah]

IP addresses of external validators are not exposed, so the main challenge here would be figure out the IP, or expand the attack to the entire shard/network as a whole

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This issue now has a funding of 0.001 ETH (0.17 USD @ $170.32/ETH) attached to it as part of the harmony-one fund.

• If you would like to work on this issue you can 'start work' on the Gitcoin Issue Details page.
  • Want to chip in? Add your own contribution here.
  • Questions? Checkout Gitcoin Help or the Gitcoin Slack
  • $98,882.94 more funded OSS Work available on the Gitcoin Issue Explorer

[daniyal-24]

john