Today the Badger DAO goes live on the Immunefi bug bounty platform with one of the largest bug bounties in crypto to date, if not the largest: up to $500,000.
This bug bounty is the first of its kind in the space and represents an important milestone. The Badger DAO is moving to set a new standard for security in the DeFi space.
The route to good security is making sure that the size of bug bounties is reasonably proportionate to the Total Value Locked (TVL) of contracts. This makes serious hack events much less likely, since it lets security researchers know that if they find critical bugs that could destroy the entire project, they’ll be well rewarded for responsibly disclosing them. It also encourages potentially malicious actors to engage in responsible disclosure, since they have the opportunity to gain a good reputation in the community, in addition to a very generous, fully legal reward for their efforts.
Rewards by threat level:
We are especially interested in receiving and rewarding vulnerabilities of the following types:
- Logic errors
- Solidity/EVM details not considered
- Trusting trust/dependency vulnerabilities
- Oracle failure/manipulation
- Economic/financial attacks
- Congestion and scalability
This benefits everyone. It benefits projects, good security researchers, malicious actors who are persuaded to engage in legitimate activities, and most importantly, it improves the reputation of the DeFi community overall.
In 2020 alone, hacks and scams cost the community $100m. It’s time to beef up the security incentives in 2021. The Badgers and Immunefi are here to do exactly that.
Immunefi’s mission is to serve as important DeFi infrastructure by removing security risk and bringing high-quality decentralized financial products to the public. Together, we’ll strengthen security for Bitcoin-based DeFi.
We strongly encourage devs and security researchers to look through the code, find vulnerabilities, build rep, and get paid.