Blockchain security platform Immunefi has unveiled a new on-chain bug bounty system named ‘Vaults’. This new method, announced today 26 September, was designed to revolutionise the way Web3 developers handle bug bounties and enhance cybersecurity within the cryptocurrency industry.
Immunefi’s vault system reassures bug bounty finders that they will get paid. The rewards are stored in smart contracts called Vaults and the funds are released after the bounty is completed.
What are bug bounties?
Bug bounties offer rewards to ethical hackers, known as ‘white hats’, who discover vulnerabilities or exploits in software. They have long been a vital component of security in the crypto space.
By incentivising white hat hackers to report bugs instead of exploiting them, these programs help safeguard projects against malicious attacks. In contrast, ‘black hat’ hackers exploit vulnerabilities for malicious purposes.
According to Immunefi, there are often questions surrounding a project’s ability to pay their bounties.
Its blog post said: “This uncertainty has been holding back talented security researchers from spending even more time delivering high-quality vulnerability reports that save projects from life-threatening hack damage.”
Immunefi’s new approach aims to address these concerns. The company believes that the introduction of Vaults will provide a solution to these issues, fostering greater confidence among security researchers.
Immunefi ‘Vaults’ details
Immunefi’s new vault system allows projects and white hat hackers to execute bounty payouts directly on the blockchain. This means a departure from the traditional and ‘painful’ manual payment methods, offering heightened efficiency and convenience to stakeholders.
Projects will first deposit their bug bounty funds into a Safe multisig smart contract, this proves that they have the funds ready to pay white hats. After the bug bounty is completed, the funds are released to the white hat’s wallet.
One of the key pillars of the Vaults system is its reliance on the Safe multisig smart contracts, which are renowned for its reliability and ‘battle-tested’ performance within the crypto sector. To bolster security, the Vaults contracts have undergone thorough internal and external audits.
Early adopters of Vaults
Immunefi has already secured its first two projects to deploy Vaults: SSV and Ref Finance. SSV has committed a substantial $1million to its Vault, which “demonstrates that they have funds specifically allocated to paying out whitehats”.
The announcement hints that more projects are primed to launch their Vaults in the coming week.
Immunefi has emphasised that any project on its platform is eligible to enrol in the Vaults program. It said sign-up is both free and straightforward, requiring just 10 minutes of a project’s time.
Immunefi bug bounty history
Immunefi reported in December 2022 that it had facilitated $66m in bug bounty payouts. LayerZero, for instance, entrusted Immunefi with a $15m bug bounty release on 17 May this year.
Now, with the introduction of Vaults, Immunefi aims to take its commitment to the crypto security a step further.
Its blog post said: “We’re releasing this system as just the first milestone on the way to creating the ultimate web3 bug bounty platform.”
