Immunefi launches on-chain bug bounties through ‘Vaults’ system

11 months ago

The Web3 security platform now allows projects to deposit bounty funds to a Safe smart contract, proving the funds are available.


Blockchain security platform Immunefi has launched an on-chain system for bug bounties, according to a Sept. 26 announcement. The new system, called “Vaults,” allows Web3 developers to escrow funds in an on-chain address and use them to pay out bug bounties to white hat hackers.

Immunefi believes the new system will help projects “demonstrate to whitehats [...] that they have allocated enough funds to pay bounties,” which it hopes will result in “more top-tier bug reports” being submitted.

List of Immunefi bug bounties. Source: Immunefi

Software developers often offer rewards, called “bug bounties,” to hackers who discover exploits or other bugs in their software. This sometimes allows vulnerabilities to be found before bad actors can exploit them. Hackers who submit bug reports for rewards instead of taking advantage of an exploit are called “white hat” hackers, while “black hat” hackers use their knowledge for malicious purposes.


According to the announcement, the new Immunefi system allows projects to deposit their bug bounty funds to a Safe multisig smart contract (formerly called a “Gnosis Safe”). This provides white hats with on-chain proof that the funds are available. Once a bug is submitted and a project has confirmed it’s genuine, the project can release the funds to the bug reporter’s wallet.

During Vault’s launch, Ethereum infrastructure provider SSV posted a $1 million deposit to help pay bug bounties for its software. Decentralized exchange Ref Finance, which is on the Near network, also uses the new system. SSV DAO contributor Eridian claimed that on-chain bug bounties will help provide better security for the DAO’s validator services, stating:

“The Vaults System will help us provide added reassurance for any researcher engaging with our bounty program, and in turn help secure the protocol even further. A nice win-win. Building further trust with the community by showcasing dedicated funding, and streamlining the payment process, will ultimately strengthen our security efforts.”

In December 2022, Immunefi reported that it had facilitated $66 million in bug bounty payouts since the platform’s inception. LayerZero released a $15 million bug bounty through Immunefi on May 17.

