After several rounds of thorough testing with our tight-knit community, we’re ready to invite hackers to experience Harmony’s public staking testnet.

Join our Open Staking Network (OSTN), the steps are as follows:

• create yourvalidator；

• Start mortgage and collect entrustment;

• bountybounty。

Before embarking on your Stake Heist journey, please carefully study Harmony’s staking model and token economics, here are some useful links to get you started:

• documentGithubanddocument；

• Our Valid Proof of StakeDetailed guide(recommended to read before participating);

• mortgageguide；

• mortgageDashboard；

• by filling inform herefirst level title

  
  

What are the bounties?

There are two types of bounties in Stake Heist:

Submit an exploitable vulnerabilityexample:

example:

• Cheat as a validator and get rewarded;

• Staking tokens that are not yours or creating tokens out of thin air;

• Control more than 1/3 or 2/3 of the voting rights in a shard (sybil, timejack attack);

• Edit configuration of other validators with malicious intent;

• Manipulating median equity to obtain unfair equity;

• DDOS validator nodes to prevent it from proposing/signing blocks (BINGO);

• Double-spend attacks on the network;

• control validators or nodes that are not owned by you;

• project

project：These bounty programs are very useful for validators and delegators to use for staking. example:

• Automated re-hypothecation tool for validators;

• Establish validator entrances (social, informational);

• Alerting mechanisms for validators and delegators;

• Add multi-party delegation function on the mortgage dashboard.

first level title

Awards and Judging Criteria

There are three tiers of rewards/rewards. Each bounty submission may meet the criteria of one of them. Please check the initial bounty posting criteria for applicable tiers.

Judging criteria will consider:

• The severity of the exploit (e.g., affected users/cases, scale of impact);

• Threshold for copying;

• The level of research and analysis performed by the reporter;

• Relationship to existing bugs (derivatives of some known issues are unlikely to be eligible for prizes).

first level title

Submission Process and Guidelines

Exploitation method:

• Inform you in advance of brief information about the exploit by sending an email to heist@harmony.one (at least 2 hours before submission is recommended, especially for exploits that may affect network stability);

• use"stake heist" template, in theHarmony main repoOpen a taskbar on , submit your work. When submitting, be sure to click the "submit work" and link your issue on Gitcoin. You only need a small amount of ETH for gas, if you don't have it, you can also use it atGitcoin Faucetapply for some

• Within 12 hours, our team will mark your submission as valid. For other requirements, please get in touch with our team. You can useGithub, Gitcoin Chat and heist@harmony.one to contact us;

• Once a submission has been marked as valid, any other similar submissions will not be eligible for the prize. Participants need to be kept informed of other valid submissions in real-time (note that the "Valid" label does not guarantee a reward);

• project:

project:

1. Submit a request for extension approval by clicking the "Start Work" button in the bounty announcement in Gitcoin Releases. Your request needs to include the following:

   • A short description of the deliverable;

   • Estimated time of completion (for projects that may be outside the scope of the competition);

   • A list of functions and features.

2. Once your extension request has been approved by our team (within 24 hours of submission), you can start working on the project. Projects can be completed after the competition as long as the reason for the extension and the time frame are agreed to by the team;

3. Use the "stake heist” template, passed in theHarmony main repoOpen a new taskbar on or submit an application to submit your work;

4. Within two weeks after the end of the competition or after submitting the work, you will know the final judging list of the winners.

race condition

• There will be no duplicate rewards for similar submissions, and participants need to know the latest submissions in real time to avoid invalid duplication of work;

• Exploits related to issues identified and reported prior to the contest start date will not be able to be submitted;

• Please provide a detailed report and reproducible steps. Wrong report format will not allow effective audit;

• Do not attack other Harmony networks except OSTN;

• All activity related to the bounty can be found under the original post;

• Participants need to complete KYC to receive prizes (valid ID is required);

• The final award results will be judged by the Harmony team within 2 weeks after the end of the competition or within 2 weeks after submission (if late);

• Stake Heist will last for 2 weeks after it goes live. Entries submitted during this period will be eligible for Stake Heist prizes. The event will end at 23:59 UTC on May 1;

• Note that Harmony is an open source project;

• Vulnerabilities exploited entirely by external factors such as negligence of security by validators and third-party applications using node software will not be rewarded.

Welcome to our

• Welcome to ourPublic staking testnet Telegram group；

• Finish"Public Mortgage 101” small survey to find out how familiar you are with Harmony;

• It is recommended to read the following two articles so that you can have a deeper understanding of public mortgages: ""and""and"image description》。