Bitcoin exchange Sovryn has launched what is believed to be the biggest bug bounty reward to date, offering $1.25 million for the disclosure of security vulnerabilities in its platform.
The company, which describes itself as a bitcoin-based decentralized finance protocol, is offering the record amount for security flaws in the Sovryn smart contract.
Further rewards, up to $22,000, will be given to hackers who uncover flaws in its websites and web-facing applications.
Immunefi launch
The Sovryn bug bounty program was launched in partnership with Immunefi, a bug bounty platform created in December 2020 that specializes in blockchain and smart contract projects.
Sovryn will also award a bonus 20% payout to bug bounty hunters for reports submitted during the first 30 days of its program, which has been live since March 3.
More information on the program, including a list of prioritized vulnerabilities, can be found on the Immunefi website.
These vulnerabilities include logic errors, dependency vulnerabilities, and economic/financial attacks.
Arms race for security
When asked why such a large reward was offered, Sovryn co-founder Edan Yago told The Daily Swig: “We believe we are in an arms race for security. The more we offer, the more likely we are able to outbid others in the attention economy for whitehat talent.”
In terms of bugs, Yago said that they were looking for “anything that could place user funds at risk, be it smart contract bugs, frontend vulnerabilities, or anything else”.
He added: “Security of user funds is Sovryn’s highest priority.”
Immunefi co-founder Travin Keith said: “We are sure the Sovryn network will become more secure through the existence of this bug bounty program, by incentivizing whitehats to look through the code as well as incentivizing blackhats to disclose bugs, instead of exploiting them.”
From: PortSwigger