Thanks to everyone that participated in Stage 2. With us now moving into April, we’re going to be shifting into Stage 3. The key area of focus for Stage 3 is Smart Contracts. To point everyone in the right direction, we’ve put together a quick-start guide to Smart Contracts on Solana at the end of this thread. As we’ve created a specific compensation category for Smart Contract related bugs in this stage, we encourage everyone to familiarise themselves and take some time to walk through the information.
Stage 3 - Details
- Start Date/Time: Thursday, 2nd of April, ~10:00am PT
- Estimated Duration: 4 weeks
- Malicious behaviour will be incentivised
- The focus of Stage 3 will be Smart Contracts
- Additional details will be announced progressively depending on the progress made on the previous stages
- Within each stage the allowable attack surface will vary depending on engineering goals and any new features enabled with each new release. Similarly, metrics upon which participants will be measured against will vary to suit (i.e. performance may be enabled in future stages with Ramp TPS or some other method, and total stake accumulated would become a metric upon which compensation is tied).
- Our intention at this point in time is for each Stage to run for up to approximately 4 weeks.
- Future stages will not start until the previous stage is complete
Note that we reserve the right to change the schedule/duration if required, but we’ll endeavour to provide clear and ample notification if so.
Each Stage will be configured to behave exactly like the next-in-line upgrade for the Mainnet Beta network at each respective point in time. Participants can expect the attack surface to grow over time as more features are enabled. We’ll be starting with the v1.1.X release line in Stage 3.
Compensation slightly reworked since Stage 2, new sections have been indicated in bold for clarity:
1. Participation - This will be measured by multiple factors, including but not limited to if you’ve joined the network, are actively staked, are responsive to issues (i.e. don’t become delinquent, or actively work to resolve the issue if you become delinquent), implement patches/upgrades within a reasonable timeframe and remain so until the end of the stage.
Compensation Amount: 3,500 SOL per participant
2. Security Bug Bounties - We’ll be incentivising participants for identifying security issues within the network. This has been renamed because the previous title gave the impression to participants that an attack had to be successfully executed to be eligible for compensation. This is not the case, participants that reveal a security attack vector to the team, without executing the attack will still be eligible. Security Bugs will still be classified into two separate classes:
Critical: Security bugs that take down the network or successfully execute an economic attack. Issues that simply manifest over time due to failure of our software - without deliberate exploitation - will be excluded.
Compensation Amount: 20,000 SOL each
Smart Contracts: Bugs specifically relating to Solana’s smart contract module
Compensation Amount: 5,000 SOL each
Other: Any other security bugs that are identified but don’t fall within the ‘Critical’ category.
Compensation Amount: 3,000 SOL each
The participant submitting the security bug bounty still must file a github issue, describing the attack to be eligible (amongst registration etc.) for the compensation. Only if the attack was executed/demo’d then it is to remain off-limits and not attempted again until it has been resolved.
3. Compensation for Accidental Bug Identification - Bugs that are accidentally identified by any individual participant during Tour de SOL will still be eligible for compensation. This was retrospectively implemented into Stage 1 as well (congratulations to Everstake and Node-A-Team)
Compensation Amount: 3,000 SOL each
The introduction of this is not to discount the amount of effort required to deliberately identify exploits, but to encourage and incentivize validators for experimenting and exploring the code.
4. Equal Distribution of Compensation for Non-Assigned Bugs Identified - As a small gesture of recognition, all validators that actively participated in Stage 2 will be compensated with additional tokens on top of the the base amount, that will be calculated determined by the # of bugs successfully identified during Stage 1. This will be calculated as follows:
( total # critical bugs identified x Compensation amount for bug ) / total validators = additional compensation per Validator
( total non-critical bugs identified x compensation amount for bug ) / total validators = additional compensation per Validator
Communication Channels for the Event:
- Primary Channel: We’ve set up a channel titled #tourdesol-announcements which you can join to stay up to date on any major updates related to the events
- Other channels we’ll also be re-distributing any major announcements via:
- WeChat: message Dominic#6192 on discord to for an invite
- E-mail: Your registered email
Our Solana Github
Solana has been completely open-source from inception. You’ll find all of our code within this repository here
Our Web3 SDK
Solana Technical Documentation
These explain why Solana is useful, how to use it, how it works, and why it will continue to work long in the decades to come
Examples to Dive Right In:
Building a Simple ERC20-Like Token on Solana
On-Chain Entry Point is here
Client-Side Entry Point is here
On-Chain Program Entry Point is here
Program Entry Point is Dispatched here
As always feel free to reach out if you have any queries or concerns. A friendly reminder that participants need to complete registration for us to be able to distribute compensation. If you have issues on that front please also reach out. Introductory Note