While we’re still waiting on a specific release date for Facebook’s upcoming cryptocurrency, Libra, the company is aiming for an early 2020 release. That gives you plenty of time to find bugs in the currency’s infrastructure — a project that could reward you handsomely.
For readers who aren’t into crypto yet, the idea of bug-testing digital money might sound strange, but it’s a crucial aspect when developing a blockchain-based product like Libra. Unlike rolling out updates to an app or service to fix a post-launch bug, it is difficult to fix bugs once a cryptocurrency has hit public use, so finding and squashing them early is all the more important.
To help ensure Libra works correctly from day one, Facebook is offering up to $US10,000 ($14,809) per bug (depending on its severity) to users who can find flaws in Libra’s infrastructure. Payout options include both digital and real-world currencies — just in case you prefer dollar bills over the blockchain.
The bug bounty program for Libra is open to the public, and you can access it via its official hub page on Hacker One, which includes the program’s full details. You’ll need a HackerOne account in order to participate, and your reward is subject to the program’s copious terms, which include:
Adhere to these Terms and HackerOne disclosure guidelines.
You are not prohibited under applicable law from receiving any product, software or service offered by HackerOne or the Libra Association.
Report a security bug: that is, identify a vulnerability in Libra which can create a security risk. (Note that the Libra Association ultimately determines the severity of an issue in its sole discretion, and that many software bugs are not security issues.)
Describe in your report a problem involving one of the security issues listed as ‘In-Scope’ (see section below). Note that certain types of potential security issues are excluded from this bounty program; these are listed under ‘Out of Scope’ (see section below).
Submit your report via the Libra Security Page. Submit one issue per report and respond to the report with any updates. Please do not contact Libra Association employees directly or through other channels about a report.
Disclose in your report if you inadvertently cause a privacy violation or disruption (such as accessing private data, service configurations, or other confidential information) while investigating an issue.