Difference between revisions of "Bug bounty"
citation
(A bug bounty is a reward given to an entity discreetly disclosing a code vulnerability to a developer.) |
(citation) |
||
| Line 8: | Line 8: | ||
== Issues == | == Issues == | ||
Sometimes anonymous developers do not have a way to verify their anonymous counter party will not simply exploit the code when disclosing it. This is the case with OpenZeppelin's recent attempt to disclose a 10 figure vulnerability in Convex. | Sometimes anonymous developers do not have a way to verify their anonymous counter party will not simply exploit the code when disclosing it. This is the case with OpenZeppelin's recent attempt to disclose a 10 figure vulnerability in Convex.<ref>https://blog.openzeppelin.com/15-billion-rugpull-vulnerability-in-convex-finance-protocol-uncovered-and-resolved/</ref> | ||
== Providers == | == Providers == | ||
| Line 14: | Line 14: | ||
(this is WIP, I'm researching) | (this is WIP, I'm researching) | ||
== Sources == | |||