Bridges Security Bug Bounty - 2024 Update

The Polkadot <> Kusama Bridges Security Bounty has a budget of $250,000 in DOT and $250,000 in KSM, and aims to enhance the security of the Polkadot <> Kusama Bridge by identifying potential vulnerabilities and fixing them early. Maintaining an on-chain treasury bounty for a Kusama/Polkadot Bridges Bug Bounty program is essential to uphold network security and incentivize continuous security testing by the global hacker and research community. The program provides transparent and accessible rewards that encourage ethical hackers to identify vulnerabilities before malicious actors can exploit them.

Even in the absence of valid submissions, the program must persist, as it acts as a deterrent to potential attackers and demonstrates an ongoing commitment to robust security measures. This continuous readiness helps ensure the bridges remain resilient and fosters community trust in the network’s dedication to safeguarding user assets and data. In order to improve submission rates and make the Kusama/Polkadot Bridges Bug Bounty program more appealing to hackers and researchers, we want to focus on increasing visibility, fostering community engagement, and simplifying the submission process. The following actions are going to be conducted at no cost to the bounty for the year 2025:

  • Actively promoting the bounty at developer conferences (Sub0, Decoded, and more) and on social media channels (X and LinkedIn). Promoting specific aspects of bridge security helps keep interest high and engage a broader, security-focused community.
  • Offering non-monetary incentives like public recognition in the Security Hub and Parity/Polkadot merchandise.
  • Encouraging the community to help promote the program, including the assets at risk and the bounty classifications, to hackers and security researchers.

In 2024, the curator team has already done the following:

  • Published the scope website under the polkadot.network website umbrella.
  • Promoted on X and LinkedIn.
  • Mentioned the bounty program at the different talks and events the Parity Security team has presented at and attended.
  • Multisig acceptance extrinsic of the curator for Polkadot and Kusama bounties. We proposed curator referenda again in late 2024 because the curator seat was removed close to the expiration date.

The curator team remains committed to maintaining transparency and will provide quarterly updates from now on as the program continues to run.