9
edits
Difference between revisions of "Bug bounty"
no edit summary
(more deets) |
|||
| Line 1: | Line 1: | ||
A bug bounty is a countermeasure developers can implement to drive white hat hackers to disclose exploits discreetly without actually triggering them. Generally speaking, bug bounties strictly apply to specified smart contract repositories. | A bug bounty is a countermeasure developers can implement to drive white hat hackers to disclose exploits discreetly without actually triggering them. Generally speaking, bug bounties strictly apply to specified smart contract repositories. | ||
== Size == | == Size == | ||
A significant number of chains and protocols use bug bounties. These can range from a few thousand dollars to up to ten million dollars (at time of writing). Different bug bounties are listed on websites such as immunefi.com. | A significant number of chains and protocols use bug bounties. These can range from a few thousand dollars to up to ten million dollars (at time of writing). Different bug bounties are listed on websites such [https://immunefi.com/ as immunefi.com.] By their count alone, some $135,000,000 are available for hackers to claim. | ||
== Effectiveness == | == Effectiveness == | ||
There are many cases of bug bounties successfully preventing | There are many cases of bug bounties successfully preventing exploits: | ||
[https://blog.openzeppelin.com/15-billion-rugpull-vulnerability-in-convex-finance-protocol-uncovered-and-resolved/ OpenZeppelin] disclosed a $15 billion vulnerability. | |||
== Issues == | == Issues == | ||