Q: What is SocketSentinels?

A: SocketSentinels is an exclusive security collective with vested stake in Socket governance. SocketSentinels drives security for the Socket Protocol. They will be a key part of the Socket governance & will ensure that Socket is battle tested has highest security standards for protocols. They ensure that apps can build on Socket without worrying about security

Q: Why should I join SocketSentinels?

A: As a SocketSentinel, you will be a part of an exclusive community of security experts that will lead security for interoperability from the front. You will have vested stake in Socket governance, direct access to any future Socket tokens for your contribution

Q: What is Surge?

Surge is a way for you to join the SocketSentinels by showcasing your security expertise & competing with fellow hackers. During Surge, you can attempt to break Socket’s incentivised testnet, report vulnerabilities & expolit lootboxes

Q: Why do I participate in Surge?

Surge is your opportunity to join the SocketSentinels. You can participate in Surge to showcase your security expertise and compete with fellow experts. By participating you become eligible for any potential future Socket tokens, and get to collect 150,000 in USDC

Q: How do I participate in Surge?

A: First, you register in this link, and we will send you an invitation to join the Github-gated Discord channel from May 1st. From there, you can start participating!

Q: What is SurgePass?

A: SurgePass is your gateway to start reporting vulnerabilities & attempting to loot lootboxes. SurgePass can be claimed by finding on-chain easter bugs. SurgePass will be an NFT minted on Optimism

Q: What are SurgePoints?

A: SurgePoints are our way of accounting for the contributions of SocketSurge participants throughout the program. SurgePoints are awarded for multiple severity of vulnerabilities & lootboxes described below in the Program Details page.

Q: What are SurgePoints worth?

A: SurgePoints determine your position in the leaderboard and your rank in the SocketSentinels.

Q: What are easter eggs?

A: Easter eggs are particular states of the Socket platform and contracts deployed on top of it which have been hardcoded in our unverified Easter egg contract. There are several hundred easter eggs for participants to find. When you find one, you can call the triggerEasterEgg function on the Easter egg contract and, if you actually found the easter egg, you will automatically mint a SurgePass NFT.

Q: How do I report potential vulnerabilities?

A: We will provide a contract which you can submit a transaction to and pass the relevant vulnerability information as described in the Surge Details page

Q: How do you decide the severity of a reported vulnerability?

A: We cover how we decide the severity of a reported vulnerability here in the Surge Details page.

Q: What if I disagree with how Socket has judged the severity of my vulnerability?

A: We have appointed 3 independent arbiters to adjudicate any reviewed bugs. Please note that you will have to stake $1000 in USDC to request a review, refundable if we grant it to you. We discuss this further in Surge Details.

Q: What are Lootboxes?

A: Lootboxes are implemented as a vault of some amount of USDC on one chain and a SocketDL “Plug” smart contract on other chains which have access to “0” of the USDC in the vault. Compromising the SocketDL protocol would allow you to mutate this message, granting yourself the right to withdraw arbitrary USDC, thereby breaking the Lootbox. Any USDC you are able to “Loot” in this way is yours for the keeping, and to report your achievement for purposes of SurgePoints, you will submit it just like any other bug

Q: How do I get to collect USDC?

A: By corrupting the Socket protocol and removing the USDC from the “Lootbox”

Q: What do the ranks mean in SocketSentinels?

A: The ranks mean a few things, but primarily they determine any token allocation, your voting power within the SocketSentinels security council function in any Socket Governance (still TBD), and your access to different gated Discord channels. Subjectively, it is your “street cred” (along with the SurgePoints you earned and your final place in the Leaderboard) and your bragging rights in the community and in crypto in general. Over time, we will work with the SocketSentinels to develop their advisory, operational and governance role in the protocol.

Q: How many tokens can I expect to get?

A: We have reserved 5% of any future Socket token supply towards security. We have not yet determined how much will go to Surge Wave 1 as we will have future waves of Surge, future audits and bug bounties to account for. We will strongly take SurgePoints from the OGs in Wave 1 into consideration.

Q: Can we participate as a team?

A: Yes, you are free to participate as a team and we have known teams participating, using a single address you share or control together with a multisig. SocketSentinels’ governance role and allocation will be enacted through the NFT you share together. At the time of any token award, we would need to KYC each person on the multisig. Keep in mind that at the time of any token allocation we are only looking at addresses, so you’d split anything between yourselves.

Q: Can I participate as an anon?

A: Yes! However, we might need to KYC you based before token allocation, if any

Q: What happens if I disagree with how Socket Labs has judged my bug submission?

A: We have appointed 3 independent arbiters to adjudicate any reviewed bugs. Please note that you will have to stake $1000 in USDC to request a review, refundable if we grant it to you.

Q: How does minting my SocketSentinels NFT work?

A: At the end of the SocketSurge wave 1, we will invite qualifying participants to mint using the wallet address they signed up and submitted bugs with. The mint will be on Ethereum mainnet, and your points and achievements will be encoded as metadata at time of mint.

Q: What happens after Surge wave 1 and I receive my NFT?

A: The SocketSentinels token-gated Discord channels will open up, and we will begin briefing the SocketSentinels on our plans for the later Surge phases, which will be focused on node operators, protocol developers and crosschain protocol end users, with potential other security challenges. We will hold regular community calls with SocketSentinels, but more information on the exact roles and responsibilities within SocketSentinels post-Surge will be forthcoming.