San Francisco-based cryptocurrency platform Coinbase recently paid out a USD $30,000 bug bounty for the identification of a critical flaw in its systems. On February 12th, 2019, Coinbase’s bounty and vulnerability disclosure platform on HackerOne logged the bug identification, and a Coinbase spokesperson confirmed that the vulnerability had since been remedied. No further details on the matter were given.
In the past, Coinbase has paid out smaller bounties, ranging from USD $100-$1,000; however, this appears to be the largest bounty logged to date. Coinbase’s bounty program offers rewards in four tiers: $200 for low priority, $2,000 for medium priority, $15,000 for high priority, and $50,000 for critical bounties. This $30,000 bounty falls right between the high priority and critical tiers.
Note that the payouts listed for each bounty tier are the minimum bounties for each tier, and Coinbase does in fact award bonuses based on the severity of the vulnerability in question.
Let’s take a further look at Coinbase’s vulnerability disclosure platform and the requisite criteria for critical bugs.
Coinbase’s Vulnerability Report Criteria
The critical nature of a Coinbase bounty is determined by several factors, such as its critical impact, exploitability, and severity. The vulnerability disclosure terms expand on the three bug assessment factors:
- Critical Impact: Attackers are able to read or modify sensitive data in a system, execute arbitrary code, or exfiltrate fiat or digital currency.
- Critical Exploitability: Attackers are able to unilaterally exploit such finding without serious roadblocks or special conditions outside of their control.
- Critical Severity: A state of immediate and easily accessible threat of large-scale compromise or irreversible damage.
It seems that every week we hear about a new exchange or platform being compromised or under imminent attack, so having a comprehensive bug identification and bounty program in place is critical for ensuring platform integrity and user experience.
All assessment factors are in furtherance of two key, high-priority values stated by Coinbase: to safeguard digital and fiat currency balances, and customer information.
You can find more about the Coinbase vulnerability disclosure and bounty platform here – https://hackerone.com/coinbase.