With bug bounties becoming increasingly critical to the success of new crypto protocols, Bancor Protocol has announced a $1 million bounty for anyone identifying critical threats to its network prior to its upgrade.
Bancor Network is a decentralized trading and yield protocol and will shortly launch its widely anticipated Bancor 3.
The $1 million bug bounty was accompanied by the public release of the Bancor 3 code, so that anyone can scour the code base for potential exploits.
“As we get close to the B3 launch, we invite developers and whitehat hackers to review the code and try to find bugs in exchange for up to USD 1 million in rewards,” the team wrote on their official Medium channel.
The rewards for spotting bugs are given on the basis of the seriousness of the threats and will be decided by the Bprotocol Foundation.
Bancor offers tiered rewards
Identifying critical threats attracts rewards of up to $1,000,000 while high and medium threats will be rewarded with $40,000 and $5,000 respectively. Lower-threat risks will get $1,000.
The protocol disclosed that “vulnerabilities disclosed prior to the official launch of Bancor 3” will receive bigger rewards. Bancor 3 is currently scheduled to go live in the middle of May and is a “fundamental re-design of previous Bancor versions.”
Bancor 3 is expected to improve integrations and interactions designed to improve composability in DeFi.
Apart from the bug bounty, Bancor is extensively reviewing its code to spot potential threats. Multiple audits are being carried out by OpenZeppelin, Certora and PeckShield, all of whom are leaders in blockchain security.
The rise of bug bounties in crypto
With the rise of the cryptocurrency market cap, projects have been turning to new ways to protect assets. Apart from hiring security experts and employing the services of blockchain security firms, protocols are also incentivizing the public to report bugs.
“Whereas the code behind Web2 and centralized crypto platforms is proprietary and usually opaque, the open-source and on-chain nature of DeFi allows for anyone to review your code and uncover potential issues before they can be exploited,” Leonid Beder, Chief Technology Officer at Bancor Protocol, told Be[In]Crypto.
“Public bug bounties leverage the wisdom of the crowd by incentivizing community developers and whitehat hackers to spot issues and get paid for their discoveries. Some of DeFi’s largest vulnerabilities have been uncovered and compensated via public bug bounties, saving billions in user funds. It’s also worth noting many whitehat hackers are DeFi users, too, and they want to help secure the same place where they put their money. In general, smart projects tend to adopt a comprehensive DeFi security stack, which includes multiple audits, automated monitoring and public bug bounties,” he added.
Jay Freeman, a whitehat hacker, announced that he had won a little over $2 million for discovering a bug on Optimism. And Gerhard Wagner earned $2 million for spotting a critical error that could have led to the loss of $850 million.
Web3’s leading bug bounty platform, Immunefi, says that it has paid out over $20 million in bounties, saving $20 billion of investor funds in the process.
Wormhole, MakerDAO, GMX and Olympus are each offering $3 million bounties at present.