Looking to earn big while doing good? The Firedancer v0.1 Boost on Immunefi is your opportunity to help secure a new validator client for the Solana blockchain, and earn up to $1,000,000 in the process.

With a substantial codebase of approximately 200,000 nSLOC, this Boost offers significant potential for the right security researchers. However, the extensive scope could feel daunting, especially if you’re wondering where your time would yield the highest ROI.

This article breaks down the Firedancer v0.1 codebase, and gives insights into where your time could be best spent.

Firedancer v0.1 Boost Overview

Firedancer v0.1 is a newly-developed, independent validator client for Solana, designed with speed, security, and resilience in mind. Its architecture is built by those with experience from low-latency trading systems, making it a high-performance and secure option for the Solana network. This Boost, live from July 10, 2024 to August 21, 2024, offers rewards paid in USDC on Solana.

Here’s why the Firedancer v0.1 Boost is worth your time:

• Significant Rewards:The reward pool scales with the severity of the bugs found, starting at $50,000 and potentially reaching $1,000,000 if multiple critical bugs are discovered.
• High Impact: By securing Firedancer v0.1, you’re directly contributing to the robustness of Solana’s infrastructure, impacting a major blockchain ecosystem.

Firedancer v0.1 Code Breakdown

Given the complexity and size of the Firedancer v0.1 codebase, it’s crucial to focus on the areas that align with your skills and experience. Here’s how you can approach your bug-hunting journey:

High-Level Code Review

1. Main Entry Point: src/app/fdctl

• Description: This is where the codebase begins, handling the main functions and kicking off the boot process.
• Expertise Required: Security sandboxing, system calls.
• Why It Matters: The entry point is the foundation of the codebase, making it a prime target for identifying vulnerabilities that could compromise the entire system. If you have a background in system-level programming, this is a great place to start.

2. Cryptography and Transactions: src/ballet

• Description: Focuses on cryptographic algorithms, block packing, and transaction processing.
• Expertise Required: Computer science, hashing, cryptography.
• Why It Matters: Cryptographic integrity is crucial for the security of the entire blockchain. If you specialize in cryptography, this section offers high potential for finding impactful bugs.

3. Formal Verification: verification/proofs

• Description: Contains formal C Bounded Model Checker (CMBC) proofs verifying certain codebase properties.
• Expertise Required: Formal methods, mathematics.
• Why It Matters: Formal verification is essential for ensuring the system behaves as expected. Bugs here could undermine the very guarantees the system is supposed to provide, making this a high-value target for those with a strong mathematical background.

4. Utilities: src/util

• Description: Includes utility functions, sandboxing, math operations, SIMD wrappers, and I/O wrappers.
• Expertise Required: General programming, system utilities.
• Why It Matters: Utilities are the backbone of any codebase, supporting various functions. By securing these, you help prevent a wide range of potential vulnerabilities.

Low-Level Code Review

5. Inter-Process Communication: src/tango

• Description: Handles inter-process communication, focusing on concurrency and producer-consumer paradigms.
• Expertise Required: Low-level C, concurrency.
• Why It Matters: Secure and efficient inter-process communication is vital for system performance. This area is perfect for experts in low-level C programming looking to make a significant impact.

6. Networking: src/waltz

• Description: Covers networking protocols like QUIC, XDP, and TLS.
• Expertise Required: Networking, low-level C, device drivers.
• Why It Matters: Networking is critical for any distributed system. If you have expertise in network security, this section offers a chance to uncover vulnerabilities that could disrupt data transmission and compromise the entire network.

Maximizing Your ROI

If You Have Limited Time (Less Than a Week):

• Focus on src/app/fdctl or src/ballet: These areas are foundational and contain high-impact vulnerabilities.
• If you’re skilled in cryptography, src/ballet could be particularly lucrative.

If You Have More Time (A Week or More):

• Consider diving into verification/proofs if you’re comfortable with formal methods.
• Explore src/tango and src/waltz if you’re interested in low-level C programming or networking.

Get Started Now

The Firedancer v0.1 Boost is not just an opportunity to earn significant rewards — it’s a chance to contribute to the security of the Solana blockchain. By focusing on the areas of the codebase that best match your skills, you can maximize your ROI and make a meaningful impact at the same time.

Ready to start? You have until August 21st to hunt! Head over to the Firedancer v0.1 Boost page on Immunefi, review the scope, and start your journey into the codebase. The clock is ticking, and huge rewards are waiting!