LayerZero partners with Immunefi to launch $15M bug bounty
Cross-chain messaging protocol LayerZero and security platform Immunefi have teamed up to launch a $15 million bug bounty program.
The program offers a maximum reward of $15 million for anyone identifying a vulnerability at the highest severity level. According to its terms and conditions, rewards are based on the Immunefi Vulnerability Severity Classification System and paid according to vulnerability impact.
LayerZero is an omnichain interoperability protocol that allows developers to interact with contracts across blockchains. In bug bounty programs, ethical hackers are rewarded for finding and reporting application vulnerabilities and bugs.
To be considered for a reward, bug reports must include a proof-of-concept (PoC) demonstrating an end effect on assets in scope. Explanations and statements are not accepted as PoC and code is required, according to the eligibility criteria.
Critical smart contract vulnerabilities reported on Ethereum, BNB Chain, Avalanche, Polygon, Arbitrum, Optimism and Fantom pay the higher of $250,000 or 10% of the assets’ value at risk at the time of reporting. The payout for critical vulnerabilities starts at $25,000 for all other chains. Non-critical rewards are based on internal criteria.
Bounty hunters are also required to comply with Know Your Customer standards, such as submitting a copy of their passport or government ID and proof of address, as well as being screened by the United States Office of Foreign Assets Control.
According to Immunefi, over 1,248 reports have been processed since its inception in 2020, totaling $65,918,994 in crypto bounties paid as of December 2022.
Other software companies offering thousands of dollars in bug bounties include Microsoft, Intel and OpenAI. Microsoft offers a maximum payout of $250,000 for critical bugs. Intel’s bug hunters can earn rewards up to $100,000, while OpenAI offers rewards up to $20,000 for exceptional discoveries.
Magazine: Should crypto projects ever negotiate with hackers? Probably