Coinspeaker: Compound Finance Launches $1M Bug Bounty Program on Immunefi
Decentralized finance (DeFi) protocol Compound Finance has set out on ambitious plans to beef up its security, recently tapping Immunefi to launch a $1 million bug bounty program.
According to the announcement, which was shared via Immunefi’s Medium blog, the program seeks to make Compound’s algorithmic interest rate platform safer by encouraging security experts to identify vulnerabilities. These experts also earn tangible rewards for their role in securing the platform.
Critical Vulnerabilities Could Earn Researchers Up to $1 Million in Bug Bounty Program
In the announcement, Compound Finance detailed that the program will offer rewards that measure up to the level of risk identified. This means that the reward structure will be based on the severity of reported vulnerabilities.
As classified under Immunefi’s Vulnerability Severity Classification System V2.3, there are four categories of risks. Therefore, there are also four reward categories.
Starting from the smallest, the bounty program will reward low-level vulnerabilities (those with minimal risks) with $1,000. Then follows the medium-level vulnerabilities, where researchers who identify mid-tier issues can earn up to $5,000.
The next category is that of high-level vulnerabilities. This covers issues such as theft or freezing of funds, which can earn experts between $10,000 and $50,000. The amount, however, will be determined by the potential damage and funds at risk.
Lastly, there is the critical vulnerability level. This category rewards up to $1 million or 10% of affected funds, whichever is lower. However, a minimum payout of $50,000 is guaranteed to encourage timely reporting of critical issues.
Meanwhile, Compound has also acknowledged that critical vulnerabilities may involve repeatable attacks. This applies in situations where the compromised smart contract cannot be paused or upgraded.
In such instances, Compound confirms that it will calculate the reward based on the total cumulative damage to funds.
Payment in COMP Tokens, Says Compound Finance
The bug bounty payments will be handled directly by the Compound DAO. Although these rewards are denominated in USD, Compound says payouts will be made in its native token, COMP.
The company also addressed the issue of price volatility. It said that USD will be converted to COMP based on the average price listed on CoinMarketCap and CoinGecko at the time that the report is submitted.
Overall, Compound Finance’s bug bounty program appears to be a standout strategy, one that is bound to ensure that researchers are well motivated to disclose issues promptly and prevent avoidable damages.