Immunefi’s new system, “Vaults,” enables Web3 developers to escrow funds in an on-chain address and use them to pay bug bounties to white hat hackers.
Immunefi believes that the new system will enable projects to “demonstrate to whitehats […] that they have allocated sufficient funds to pay bounties,” thereby encouraging “more top-tier bug reports” to be submitted.
Software developers frequently offer rewards, known as “bug bounties,” to hackers who discover exploits and other software flaws. This enables vulnerabilities to be identified before malicious actors can exploit them.
“White hat” hackers submit defect reports for rewards rather than exploiting vulnerabilities, whereas “black hat” hackers use their knowledge for malicious purposes.
According to the announcement, the new Immunefi mechanism permits projects to deposit bug bounty funds into a Safe multisig smart contract (previously known as a “Gnosis Safe”).
This provides on-chain evidence to whitehats that the funds are available. Once a project has confirmed that a reported defect is genuine, it can release funds to the bug reporter’s wallet.
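The escrow model described above, as an added example that is not Immunefi's or Safe's code: a hypothetical `BountyVault` contract whose ETH balance is publicly readable on-chain (the "evidence" a researcher can check before filing a report) and whose payouts can only be triggered by a `controller` address, assumed here to be a multisig such as a Safe so that no single key can drain the vault. The contract name, the `reportId` parameter and the error names are assumptions for illustration; Immunefi's actual mechanism deposits funds directly into a Safe multisig rather than a bespoke contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical bounty escrow vault (added example, not Immunefi's or Safe's code).
/// The contract's ETH balance is publicly readable on-chain, so a researcher can
/// verify that funds are actually committed before submitting a report.
/// Payouts can only be triggered by `controller`, which is assumed to be a
/// multisig address (e.g. a Safe), so no single key can release funds alone.
contract BountyVault {
    address public immutable controller;

    event Deposited(address indexed from, uint256 amount);
    event BountyPaid(address indexed researcher, uint256 amount, bytes32 indexed reportId);

    error NotController();
    error InsufficientFunds(uint256 requested, uint256 available);
    error ZeroAddress();
    error TransferFailed();

    constructor(address multisig) {
        if (multisig == address(0)) revert ZeroAddress();
        controller = multisig;
    }

    modifier onlyController() {
        if (msg.sender != controller) revert NotController();
        _;
    }

    /// Anyone (typically the project treasury) can top up the vault.
    receive() external payable {
        emit Deposited(msg.sender, msg.value);
    }

    /// On-chain evidence of committed funds: a researcher or block explorer
    /// can read this without trusting the project's word.
    function available() external view returns (uint256) {
        return address(this).balance;
    }

    /// Release a bounty once the multisig has confirmed the report is genuine.
    /// `reportId` is an opaque identifier (e.g. a hash of the report) so each
    /// payout can be audited against the corresponding report off-chain.
    function payBounty(address payable researcher, uint256 amount, bytes32 reportId)
        external
        onlyController
    {
        if (researcher == address(0)) revert ZeroAddress();
        uint256 bal = address(this).balance;
        if (amount > bal) revert InsufficientFunds(amount, bal);
        // Emit before the external call so the log is written even if the
        // recipient's fallback does something unexpected; no state is mutated
        // after the call, so there is no reentrancy window to exploit here.
        emit BountyPaid(researcher, amount, reportId);
        (bool ok, ) = researcher.call{value: amount}("");
        if (!ok) revert TransferFailed();
    }
}
```

The point of the design is the separation of roles: depositing is permissionless so the committed balance is cheap to verify, while releasing funds goes through the multisig's own approval threshold, and every payout leaves an indexed `BountyPaid` log that ties the transfer to a report identifier.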
At the launch of Vaults, Ethereum infrastructure provider SSV deposited $1 million to help pay bug bounties for its software. Ref Finance, a decentralized exchange on the Near network, also employs the new system.
Eridian, a contributor to the SSV DAO, asserted that on-chain bug bounties will enhance the security of the DAO’s validator services, stating:
“The Vaults System will help us provide added reassurance for any researcher engaging with our bounty program, and in turn help secure the protocol even further. A good win-win. Building further trust with the community by showcasing dedicated funding, and streamlining the payment process, will ultimately strengthen our security efforts.”
Immunefi reported in December 2022 that it had paid out $66 million in bug bounties since the platform’s inception. On May 17, LayerZero released a $15 million bug bounty via Immunefi.