The official newsletter from Livepeer announced a Security Disclosure Program on June 29. The program applies to all non-smart contract scopes from the decentralized live-streaming project. Livepeer hopes this step would be integral to providing decentralized video streaming at an efficient price and larger scale.
Live peer is a network that provides decentralized video streaming to websites and other projects. Built on the Ethereum blockchain, the project hopes to utilize the powers of open-source software, underutilized resources like bandwidth and compute, crypto-economic incentives, and others. The project has more than 70,000 GPUs that can embed video streams on platforms like Facebook, Twitch, and YouTube.
The program has recently announced a bug bounty program on Immunifi, where developers can earn from contributing to the platform. The program is announced to cover all non-smart contract scopes of the streaming platform. The rewards on Livepeer are distributed depending on the threat level.
The first level includes the threats that are discoverable by popular automated bug detection software like SPF or DMARC and is referred to as “Not Included .”Although appreciated, this level offers no bounty except for a space in the Livepeer hall of fame.
The bugs that affect user experience and interface moderately are listed under the ” Low” category. A bug in this category can give up to $100.
The bigger bugs that directly affect video streaming but in a moderate way come under the “Medium” category. The medium-level bugs have no economic impact and offer $250 per detection.
Any bug that drastically affects the video streaming infrastructure or results in the loss of users’ funds is considered a high-level threat. A threat of this kind can range from $250 to $500.
The bug bounty program also includes the list of areas and activities they want to fortify through this program. It includes:-
- Direct theft of funds at rest and in motion.
- Permanent freezing of funds in the accounts.
- Insolvent performance during streaming and other activities
- Accidental issuance of LPT on Layer-1.
- Unauthorized and unexpected functions.
Users or developers can report to [email protected] and are requested not to share the information publicly. Any disclosure of bug information will lead to immediate disqualification. The submissions can be given Anonymously or pseudonymously. However, BTC or ETH rewards require identity verification. Users can also choose to donate to charity without disclosing their identity.
The Livepeer team reserves the right to call off the program at any point. The individuals must be from the sanctions list to receive the reward. And the bug testing must not violate or compromise data that does not legally belong to the individuals.