Wormhole launches Bug Bounty Program on Immunefi with $10 million reward for critical bugs
We believe it is vital to motivate white hats to help keep the ecosystem secure. That’s why we are now offering the crypto industry’s largest bounty for critical attacks — $10 Million.
Our bug bounty program provides users with an additional level of security and shows our long-term commitment to making the Wormhole protocol and the greater DeFi ecosystem more secure.
If you find a bug, report it here: https://www.immunefi.com/bounty/wormhole
What is covered?
The bug bounty program covers smart contracts, web UI, guardian nodes, and Wormhole integrations. Its focus is on preventing:
- Exploits resulting in the locking, loss, or theft of user funds.
- General forging of unverified data or validation of forged messages.
- Determinism bugs that could lead to inconsistent bridge states.
- Governance manipulation.
- Exposure of infrastructure private keys and/or PII.
- Vulnerabilities in the node operating software resulting in invalid behavior.
- Remote code execution.
- Bugs that can facilitate Sybil attacks.
Rewards are distributed according to the impact of the vulnerability and are based on the Immunefi Vulnerability Severity Classification System. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains. It encompasses everything from consequence of exploitation to privilege required, as well as likelihood of a successful exploit.
Smart Contracts and Blockchain
- Critical: up to $10,000,000
- High: $100,000
- Medium: $10,000
- Low: $2,500
Websites and Applications
- Critical: $50,000
- High: $10,000
- Medium: $5,000
- Low: $1,000
Immunefi is the premier bug bounty platform for smart contracts and DeFi projects. It’s where security researchers review code, disclose vulnerabilities, and make crypto safer for all participants.
Because bug bounty programs allow security researchers to discover and disclose potential vulnerabilities in smart contracts and applications, the programs protect projects and their users. Security researchers are rewarded based on the severity of the vulnerability they discover, as determined by the project affected.
Wormhole is a generic message passing protocol that connects high-value blockchains together. Its applications leverage the core messaging layer to facilitate interoperability between ecosystems. The protocol is secured by 19 guardians, and developers leverage it to send arbitrary data cross-chain, including tokens, NFTs, oracle data, governance decisions, and more. Recent implementations of Wormhole include the Portal bridge and NFT bridge, which allow for seamless asset transfers across supported chains. Wormhole is currently connected to Solana, Terra, Ethereum, Binance Smart Chain, Polygon, Avalanche, and Oasis. Its design, which is easily extensible and upgradable, allows for quick consensus, connects more chains, and enables developers to build on top of Wormhole easily.