SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
$10 million bug bounty fund for projects building on Binance Smart Chain
Tue, 27th Jul 2021

Binance Smart Chain (BSC) has launched Priority ONE, a $10 million bug bounty fund for projects building on top of BSC.

Designed to encourage participation from bounty hunters, ethical hackers, and security experts, the fund aims to safeguard BSC user interests by improving protocol security standards.

The initiative focuses on refining the lifecycle management of BSC users and decreasing project exploits. Eligible projects will receive advanced risk management controls and proactive penetration testing to identify vulnerabilities early.

“The shortlisted projects for the bug bounty will be open for continuous testing,” says BSC community coordinator, Julian Tan.

“With more experts identifying specific vulnerabilities and evaluating dApps regularly, there's more to explore. The BSC community will work together to check every nook and corner of the target and leave no room for potential exploits.”

Successful bounty hunters will be rewarded from the $10M fund for disclosing verifiable attack vectors and security flaws, including, but not limited to:

  • Smart contracts/blockchain/cryptographic flaws
  • Logic errors
  • Financial/economic attacks
  • Susceptibility to block timestamp manipulation
  • Novel governance attacks
  • Congestion and scalability
  • Oracle failure/manipulation

Participants must submit a complete proof-of-concept and step-by-step analysis, and the rewards will be distributed based on the severity and exploitability of the subject. BSC ecosystem contributors PeckShield, CertiK, Immunefi, and the Binance Security team will review high-priority and critical disclosures.

Eligible projects can receive up to $100,000 in bug bounty funds to supplement their own bounty program.

“Bug bounties are a core pillar of the DeFi security stack, providing both a compelling disclosure incentive for mainnet contracts and attracting new security researchers,” says Immunefi CEO and founder, Mitchell Amador.

“This fund supercharges bug bounties on BSC by driving the community to adopt best practices while providing compelling incentives for more security researchers to participate in the BSC ecosystem at large.

“It's clear this bug bounty fund will contribute to a bright future for BSC. As a major player in DeFi bug bounties, Immunefi is proud to do its part to ensure all participating projects get the very best bug bounty support available,” he added.

The BSC Accelerator fund will provide $3 million worth of BNB to support the initial batch of 30 dApps. From Q4 2021, a new Binance Chain Evolution Proposal (BEP) will request that a percentage (circa 1%) of the daily block rewards be dedicated to the bug bounty pool. The remaining $7 million in BNB rewards will be raised using the daily block rewards.

“This initiative shows strong commitment and responsibility,” says PeckShield CEO and co-founder, Xuxian Jiang.

“The BSC community needs to work together to continuously strengthen protocol security, improve risk controls, and lean towards a more proactive approach in terms of identifying and fixing potential vulnerabilities.”

He says that, as a blockchain security company, they are excited to be involved and expect this initiative to help the community interact with more secure projects.