- IOTA Foundation aiming to make Trinity wallet more secure
- Private bounty program already been going on for 5 months
- Bounty rewards range from $100 to $1500
In a bid to bolster the security of their beta cross-platform wallet Trinity, the IOTA Foundation officially commenced its Trinity Wallet public bug bounty program by making an announcement on Medium on October 25, 2018.
Security the Prime Concern
In his Medium post, Lewis Freiberg, Director of Ecosystem at IOTA, stated that the IOTA community has welcomed the Trinity wallet with arms wide open. Freiberg noted that the wallet has proved to be a major step forward compared to its predecessor with regards to platform compatibility, design, usability, and security.
However, security of the wallet is something the IOTA Foundation puts high emphasis on, which is evident from the fact that the wallet has already undergone multiple code audits to gauge its safety prowess.
The Foundation has also been running a private bug bounty program for the last 5 months with Bugcrowd to help identify bugs and loopholes in the existing code that could potentially compromise the safety of the wallet.
The post reads in part,
“Our intention was to create a beautiful wallet experience that didn’t compromise on safety. The team has delivered a great product. However, even after the multiple external audits we’ve had on the Trinity Wallet, we understand that security isn’t something you ever finish. It’s a continual process.”
Notably, the wallet app is available for mobile and desktop platforms both. The beta cross-platform wallet was created with the help of React Native for Android and IOS mobile devices, while for the desktop versions it used Electron for Linux, Windows and Mac OS.
Bug Bounty Program Now Open to Public
Aiming to incentivize users to test the wallet security, the IOTA Foundation has kick-started the Wallet public bug bounty program with bounties ranging from $100 to as high as $1,500.
Detection of low vulnerabilities will reward the bounty hunter with $100. Similarly, $300 for medium vulnerabilities, $900 for severe vulnerabilities, and $1,500 for critical vulnerabilities will be given out.
However, it’s worth pointing out that protocol bugs unrelated to Trinity wallet will not be considered for rewards.
Interestingly enough, one of the researchers has already been rewarded according to the program’s Bugcrowd page.