Bug bounty

From DefiLlama
Revision as of 00:34, 20 April 2022 by River0x (talk | contribs)
Jump to navigation Jump to search

A bug bounty is a countermeasure developers can implement to drive white hat hackers to disclose exploits discreetly without actually triggering them. Generally speaking, bug bounties strictly apply to specified smart contract repositories.

Size

A significant number of chains and protocols use bug bounties. These can range from a few thousand dollars to up to ten million dollars (at time of writing). Different bug bounties are listed on websites such as immunefi.com. By their count alone, some $135,000,000 are available for hackers to claim.

Effectiveness

There are many cases of bug bounties successfully preventing exploits:

OpenZeppelin disclosed a $15 billion vulnerability.

Issues

Sometimes anonymous developers do not have a way to verify their anonymous counter party will not simply exploit the code when disclosing it. This is the case with OpenZeppelin's recent attempt to disclose a 10 figure vulnerability in Convex.

Providers

Immunefi lists and organises all bug bounties in a web2, centralised company way. Hats.finance provides a similar offering though it does this in a decentralised way.

(this is WIP, I'm researching)

Retrieved from "https://wiki.defillama.com/w/index.php?title=Bug_bounty&oldid=60"