Solana Tour de SOL Stage 9 - DropsEarn
Solana Tour de SOL Stage 9

Solana Tour de SOL Stage 9

    The Tour de SOL is a Solana event that will take place in stages. Each stage focuses on the different production capacities that will be required to become a network validator.

    Reward pool
    Not set
    Expected profit
    from ~ $800
    Max participants
    DropsEarn score

  • Activity Type: Tasks Bug bounty Tech
  • Date: 28 Oct 2020 20:00(UTC+3) - 25 Nov 2020 20:00(UTC+3)
  • Registration: Closed
  • Event status: You can't participate (Event ended)
  • Links: Detailed Registration Details Registration Official Announcement Website
Go to event page


Introductory Note

The focus will be:

  • Stake-O-Matic

Stage 9 - Details

  • Start Date/Time: Tues, 28th of October, ~10:00am PT
  • Estimated Duration: 4 weeks
  • Malicious behaviour will be incentivised
  • The focus of Stage 9 will be Stake-O-Matic

Registration closes the 27th of October 8:00am PT

Future Stages

  • Additional details will be announced progressively depending on the progress made on the previous stages
  • Within each stage the allowable attack surface will vary depending on engineering goals and any new features enabled with each new release. Similarly, metrics upon which participants will be measured against will vary to suit
  • Our intention at this point in time is for each Stage to run for up to approximately 4 weeks.
  • Future stages will not start until the previous stage is complete

Attack Surface

Each Stage will be configured to behave exactly like the next-in-line upgrade for the Mainnet Beta network at each respective point in time. Participants can expect the attack surface to grow over time as more features are enabled. We’ll be continuing with the v1.3.x release line for Stage 8.


Compensation has remain slightly changed since Stage 4. Recap on the structure provided below.


This will be measured by multiple factors, including but not limited to if you’ve joined the network, are actively staked, are responsive to issues (i.e. don’t become delinquent, or actively work to resolve the issue if you become delinquent), implement patches/upgrades within a reasonable timeframe and remain so until the end of the stage.

Compensation Amount: 500 SOL per participant

Security Bug Bounties

We’ll be incentivising participants for identifying security issues within the network. This has been renamed because the previous title gave the impression to participants that an attack had to be successfully executed to be eligible for compensation. This is not the case, participants that reveal a security attack vector to the team, without executing the attack will still be eligible. Security Bugs will still be classified into several overarching categories:

Critical Bugs

  • Loss of Funds/Safety Violation:
    • 50,000 SOL
  • Loss of of Availability (i.e. halting the network or preventing consensus from moving forward)
    • 25,000 SOL
  • DoS (i.e. flooding the node with messages, but not overwhelming the hardware)
    • 20,000 SOL
  • Any bugs that are ‘Critical’ but do not fall under the above categories will be assessed on the case by case basis and awarded
    • Up to 50,000 SOL

Smart Contracts Bugs (Bugs specifically relating to Solana’s smart contract module)

  • 5,000 SOL each

Non-Critical Bugs (Any other security bugs that are identified but don’t fall within the ‘Critical’ category)

  • 3,000 SOL each

Accidental Bug Identification

Bugs that are accidentally identified by any participant during Tour de SOL will still be eligible for compensation. Note that individuals are responsible for adding the following comment in the issue “Found in TdS Stage #” and requests the Solana team to add the “tour-de-sol” label to the issue, otherwise it won’t be counted

  • 3,000 SOL each

The introduction of this is not to discount the amount of effort required to deliberately identify exploits, but to encourage and incentivize participants for experimenting and exploring the code.

Eligibility for Bug Compensations:

  • The participant submitting the bug bounty still must file a github issue, describing the attack to be eligible (amongst registration requirements etc.) for the compensation.
  • Valid exploits can be eligible even if they are not successfully executed on the cluster
  • Multiple submissions for the same class of exploit are still eligible for compensation, though may be compensated at a lower rate, however these will be assessed on a case-by-case basis
  • Note that individuals are responsible for adding the following comment in the issue “Found in TdS Stage #” and requests the Solana team to add the “tour-de-sol” label to the issue, otherwise it won’t be counted

Other Notes:

  • As with all previous compensation, SOL earned are locked for 12 months and will be distributed quarterly in general
  • U.S. individuals and entities are excluded from participating

Communication Channels for the Event:

  • Solana Discord 5: We’ve set up a channel titled #tourdesol-announcements which you can join to stay up to date on any major updates related to the events
  • For any questions please reach out to Dominic (watch out for imposters):

Compensation Registration Process

Please complete the steps below to be eligible for token compensation for validation services on Solana’s Tour de SOL and Mainnet Beta networks. Solana’s networks are permissionless and therefore anyone can begin running a validator node at any time. Registration and KYC are required to receive compensation from the Solana Foundation until a time when inflation and network rewards might be enabled. Please note that U.S. entities and individuals are not eligible to receive compensation at this time.

  1. Tour de SOL (TdS) Registration Form
    - Registration and successful participation in at least one stage of TdS is a requirement before becoming eligible for compensation on Mainnet Beta
    - More info on Tour de SOL here
  2. KYC/AML (via Passbase)
    - If you’ve completed KYC/AML previously for SLP or TdS with the same entity/individual on Coinlist or Passbase, then you will not need to go through this again.
    - We cannot accept U.S. entities or individuals for KYC or compensation
  3. Complete Participation Agreement
    - Please use the same email address as used for Passbase identity verification
  4. Join Our Discord
    - Requirement for all validators, as this is our primary communication channel for technical discussions, network announcements and upgrades, etc