Bug bounty

From DefiLlama
Revision as of 00:29, 20 April 2022 by River0x (talk | contribs) (more deets)

A bug bounty is a countermeasure developers can implement to incentivise white hat hackers to disclose exploits discreetly, without actually triggering them. Generally speaking, bug bounties apply strictly to specified smart contract repositories.

Size

A significant number of chains and protocols use bug bounties. These can range from a few thousand dollars up to ten million dollars (at the time of writing). Different bug bounties are listed on websites such as immunefi.com.

Effectiveness

There are many cases of bug bounties successfully preventing disasters.

Issues

Sometimes anonymous developers do not have a way to verify that their anonymous counterparty will not simply exploit the code when it is disclosed. This is the case with OpenZeppelin's recent attempt to disclose a ten-figure vulnerability in Convex.

Providers

Immunefi lists and organises all bug bounties as a centralised, web2-style company. Hats.finance provides a similar offering, though it does so in a decentralised way.

(this is WIP, I'm researching)