By Jamie Redman 26 July 2021 | 10:30 pm

Binance Smart Chain Creates a $10 Million Bug Bounty Fund to Tighten Protocol Security

Binance Smart Chain Creates a $10 Million Bug Bounty Fund to Tighten Protocol Security

The Binance Smart Chain has launched a $10 million bug bounty fund for projects building on top of the protocol, called “Priority One.” The initiative aims to keep the blockchain network secure by encouraging bug bounty hunters and ethical hackers.

Binance Smart Chain Reveals $10 Million Bug Bounty Fund ‘Priority One’

Security experts and bug bounty hunters now have incentive to help the Binance Smart Chain (BSC) developers secure the network. On Monday, the BSC project revealed “Priority One,” a $10 million fund for projects built on top of the BSC protocol.

The announcement says the initiative aims at “refining the lifecycle management of BSC users and decreasing project exploits.” Eligible projects will be able to leverage proactive penetration testing and risk management schemes. Julian Tan, the BSC community coordinator, explained that these types of evaluations shrink the possibility of future exploits.

“The shortlisted projects for the bug bounty will be open for continuous testing,” Tan said in a statement sent to Bitcoin.com News. “With more experts identifying specific vulnerabilities and evaluating [decentralized apps] regularly, there’s more to explore; BSC community will work together to check every nook and corner of the target and leave no room for potential exploits.”

Immunefi CEO: ‘Bug Bounties Compel Disclosure Incentive for Mainnet Contracts’

Bounty hunters combing the BSC protocol for vectors and security flaws will be rewarded for their disclosures. Applicants can apply here and the types of vulnerabilities include but are not limited to:

  • Smart contracts/Blockchain/Cryptographic flaws
  • Logic errors
  • Financial/Economic attacks
  • Susceptibility to block timestamp manipulation
  • Novel governance attacks
  • Congestion and scalability
  • Oracle failure/manipulation

Submissions have to complete a proof-of-concept and describe the vulnerability in a step-by-step guide. Rewards will be based on the severity assessment of the exploitation found by the ethical hacker. BSC also has help from the Binance Security team, Peckshield, Certik, and Immunefi.

“Bug bounties are a core pillar of the [decentralized finance] security stack, providing both a compelling disclosure incentive for mainnet contracts and attracting new security researchers,” the CEO and founder of Immunefi, Mitchell Amador, said in the announcement. “This fund supercharges bug bounties on BSC, by driving the community to adopt best practices while providing compelling incentives for more security researchers to participate in the BSC ecosystem at large,” Amador added.

What do you think about BSC creating a $10 million bug bounty program for the BSC protocol? Let us know what you think about this subject in the comments section below.