Web3 security has recently gained an innovative feature: projects can now deposit their bounty funds into “Safe,” a multisig smart-contract wallet. This development not only makes the availability of those funds verifiable on-chain but also adds a layer of transparency to the payout process.
Blockchain security trailblazer, Immunefi, made waves with its latest on-chain solution for bug bounties, as announced on September 26th. Aptly named “Vaults,” this system empowers Web3 developers to securely hold and distribute bug bounties to ethical hackers directly from an on-chain address.
Immunefi is confident that this novel approach will allow projects to demonstrate their commitment to white hat hackers, ensuring they have set aside sufficient resources to reward top-tier bug reports. This proactive stance aims to uncover critical vulnerabilities before malicious actors can exploit them.
In software development, a common practice is for a project to offer rewards, often referred to as “bug bounties,” to individuals who uncover vulnerabilities in its software. This serves as a proactive measure to identify and rectify weaknesses before they can be maliciously exploited. Those who submit bug reports in exchange for rewards, rather than exploiting the vulnerabilities themselves, are known as “white hat” hackers, while those with nefarious intentions are referred to as “black hat” hackers.
According to the announcement, Immunefi’s new system enables projects to securely deposit their bug bounty funds into a Safe multisig smart contract (previously known as a “Gnosis Safe”). This on-chain mechanism provides indisputable proof to white hat hackers that the funds are indeed available. Once a bug is reported and its authenticity confirmed, projects can effortlessly release the bounty to the hacker’s wallet.
At the launch of Vaults, Ethereum infrastructure provider SSV committed a substantial $1 million deposit to bolster its bug bounty program. Ref Finance, a decentralized exchange operating on the Near network, has also adopted the system. Eridian, a contributor to SSV DAO, highlighted how on-chain bug bounties will enhance the security of the DAO’s validator services, stating:
“The Vaults System will not only bolster our relationship with researchers engaged in our bounty program but also fortify our protocol’s security. This mutual trust, built through dedicated funding and streamlined payment processes, is the cornerstone of our security efforts.”
As of December 2022, Immunefi proudly reported facilitating $66 million in bug bounty payouts since its inception. Furthermore, LayerZero recently initiated a $15 million bug bounty program through Immunefi on May 17th, reaffirming the platform’s commitment to cybersecurity.