Blockchain security platform Immunefi has launched an on-chain system for bug bounties, according to a September 26 announcement. The new system, called “Vaults,” allows Web3 developers to deposit funds to an on-chain address and use them to pay bug bounties to white hat hackers.
Immunefi believes the new system will help projects “demonstrate to whitehats (…) that they have allocated sufficient funds to pay bounties,” which it hopes will result in the filing of “more top-level bug reports.”
Software developers often offer rewards, called “bug bounties,” to hackers who discover exploits or other bugs in their software. Sometimes this allows vulnerabilities to be found before bad actors can exploit them. Hackers who submit bug reports for bounties instead of taking advantage of an exploit are called “white hat” hackers, while “black hat” hackers use their knowledge for malicious purposes.
According to the announcement, the new Immunefi system allows projects to deposit their bug bounty funds into a multi-signature Safe smart contract (previously called “Gnosis Safe”). This provides white hats with on-chain proof that funds are available. Once a bug is submitted and a project has confirmed that it is genuine, the project can release the funds to the bug reporter’s wallet.
During the launch of Vaults, Ethereum infrastructure provider SSV posted a $1 million deposit to help pay bug bounties for its software. The decentralized exchange Ref Finance, which is on the Near network, also uses the new system. SSV DAO contributor Eridian said that on-chain bug bounties will help provide better security for DAO validation services:
“The Vaults system will help us provide greater peace of mind to any researchers participating in our bounty program and, in turn, help further secure the protocol. A good win-win. Building greater trust with the community by showing dedicated funds and streamlining the payment process will ultimately strengthen our security efforts.”
In December 2022, Immunefi reported that it had facilitated $66 million in bug bounty payments since the platform’s inception. LayerZero launched a $15 million bug bounty through Immunefi on May 17.