[rvz]

See. These crypto bounties pay as much or even more than big tech bug bounties.

This bounty prize is the equivalent of finding a Chrome zero day bug or an iPhone zero day RCE jailbreak. There are lots of >$1M bug bounties in crypto.

The question is, would you rather target Chrome/Safari or iPhones and find and chain-up 5 - 10 zero days for $1M+ or target crypto projects instead for $2M per project?

You're really missing out.

[yao420]

I’m not a crypto hater (I used to work security at coinbase) but I think that while a chrome or iPhone zeroday might be worth less in bug bounty it’s worth more for a security engineers career long term.

Having the iPhone bug and the accompanying conference talk and blog post will allow you get hired by nearly any good security or tech company. No one cares about blockchain bugs except other crypto companies. When I and a bunch of other coinbase engineers were looking for jobs we were looked down at for even working in crypto. And weren’t even in the blockchain team! Just regular engineers.

I myself have dedicated a couple of months to testing gnosis and curve that each have $2 million bounties but turned up short. Last year I switched to a ML based fuzzing research and was able to speak at defcon and got crazy offers after publication.

[tptacek]

Serious Chrome and iPhone bug chains can be worth this much on the market, but the amount of engineering effort that goes into supporting that kind of pricing (across all the buyers, aggregated) is extreme. The subthread that unfolds from this comment is about fuzzing, but finding a vulnerability is a small part of actually selling it on the market.

Vendor bounties for these kinds of vulnerabilities are going to tend to be sharply lower than this crypto bounty, which was for a directly monetizable vulnerability. But there's a lot going into that vendor bounty price point.

[zEddSH]

Can you share more about ML based fuzzing? I do pretty basic fuzzing and that's been pretty useful at work for testing, and am keen to learn about better more modern approaches than mine!

[digital_sawzall]

Fuzzing is a massive field now. I don't know what you are doing specifically but this is a collection of good related papers: https://github.com/wcventure/FuzzingPaper.

I would find what is most like your problem domain and dig in :).

[zEddSH]

I've been doing the simplest possible things to URL parameters and POST bodies but even that's been effective! Thanks for the link!