A third-year engineering student from Manipal Institute of Technology participated in the Bug Bounty competition by Discord and won an award.
Sarthak Sharma a native of New Delhi, discovered an exploit in the open libraries of Discord, and under the discord vulnerability reward program, he was awarded.
Sarthak Sharma completed his early school at St. Paul School, New Delhi. He is currently studying at MIT, Manipal, and is pursuing Computer Science Engineering. He is an active member of the platform HackerOne where users can take participate in bug bounty programs and report such events. He is the creator of the platform - AutoForSure and has created a bunch of bots on Discord and on the application Telegram, one such bot was created to help users find available vaccine slots on the Co-WIN platform.
Discord is a free voice, video, and text chat app used by millions of people worldwide. It is used by all age groups to hang out with their communities and friends. It is used to discuss multiple things, ranging from art projects, coding, gaming, mental health issues, travel, and other things. It has a loyal following and is used regularly by a small and active group of people. It is widely popular because people can be themselves and connect with friends and people of a similar mindset.
”While checking the discord libraries, I found a bug in one of the Discord API and informed them about it. Discord acknowledges and rewards all the bug hunters, who help in protecting and strengthening their in-house operations. They have a dedicated team to handle all the security issues reported by users. When I informed them about the bug, they had sent an acknowledgment email and it was further decided to reward me for my efforts," he said.
Discord necessitates privacy very precariously. They encourage everyone to participate in their open bug bounty program. This program incentivizes researchers to responsibly find, disclose, and help in resolving security vulnerabilities. As with many bug bounties out there, Discord has a fairly straightforward set of rules that help protect both the platform and those looking to disclose. They usually witness enormous participation from developers and hunters from across the globe.
First Published: IST