MakerDAO, which maintains and regulates the DAI cryptocurrency, has launched a bug bounty program with the promise of record-busting payouts ranging up to $10 million.
The decentralized finance (DeFi) organization has separate reward scales for security flaws found in smart contracts versus bugs unearthed in its websites and applications.
Payouts will also be determined based on the amount of funds that a vulnerability could realistically enable attackers to steal.
Ethical hackers will be paid in DAI. As a stablecoin cryptocurrency, DAI’s market value is pegged to a ‘stable’ reserve asset, specifically the US dollar – something that’s facilitated through an automated system of smart contracts on the Ethereum blockchain.
The bug bounty program is hosted by Immunefi, a crowdsourced security platform, and managed through a ‘Security Core Unit’ launched by the company in December 2021.
“We take the security of our smart contracts and the Maker protocol very seriously and are thrilled to be working with Immunefi,” said Derek Flossman, head of the protocol engineering core unit at MakerDAO.
“We are pleased to have expanded the number of core contracts within the bug bounty and look forward to partnering with Immunefi as we build new layer one functionality and scale to new multichain deployments.”
DeFi bounty bonanza
The blockchain arena is increasingly becoming the place where the biggest bug bounties are to be found, reflecting the fact that billions of dollars’ worth of assets are at stake – and all too frequently plundered by fraudsters and malicious hackers.
Only this week (February 8), the US Department of Justice announced the arrest of a married couple on money-laundering charges related to $4.5 billion in bitcoin that was allegedly accrued off the back of a 2016 hack of digital currency exchange Bitfinex.
Blockchain tech firm Polygon accounts for the biggest bug bounty payout to date. Ethical hacker Gerhard Wagner revealed in October 2021 that he had earned $2 million from the discovery of a vulnerability that, if abused successfully, could have seen attackers double the value of their cryptocurrency withdrawals up to 233 times.
Source: https://portswigger.net/daily-swig/cryptocurrency-firm-makerdao-offers-record-10m-in-newly-launched-bug-bounty-program