July 26, 2021 –– Binance Smart Chain (BSC), a sovereign smart contract blockchain delivering Ethereum Virtual Machine (EVM) compatible programmability for DeFi and NFT infrastructure, has launched ‘Priority ONE’, a $10 million bug bounty fund for projects building on top of BSC. The initiative encourages participation from bounty hunters, ethical hackers, and security experts.
The fund aims to safeguard the interests of BSC users by continually improving the security standards of protocols. The initiative is directed at refining the lifecycle management of BSC users and decreasing project exploits. Eligible projects will receive advanced risk management controls and proactive penetration testing to identify vulnerabilities at an early stage.
“The shortlisted projects for the bug bounty will be open for continuous testing. With more experts identifying specific vulnerabilities and evaluating dApps regularly, there’s more to explore; BSC community will work together to check every nook and corner of the target and leave no room for potential exploits.”said Julian Tan, BSC Community Coordinator
Successful bounty hunters will be rewarded from the $10M fund for disclosing verifiable attack vectors and security flaws. This includes, but is not limited to:
- Smart contracts/Blockchain/Cryptographic flaws
- Logic errors
- Financial/Economic attacks
- Susceptibility to block timestamp manipulation
- Novel governance attacks
- Congestion and scalability
- Oracle failure/manipulation
Participants of the bounty program must submit a complete proof-of-concept and step-by-step analysis. The rewards will be distributed based on the severity and exploitability of the subject.
All high priority and critical disclosures will be reviewed by BSC ecosystem contributors PeckShield, CertiK, Immunefi, and the Binance Security team. Eligible projects can receive up to $100,000 in bug bounty funds as a supplement to their own bounty program.
“Bug bounties are a core pillar of the DeFi security stack, providing both a compelling disclosure incentive for mainnet contracts and attracting new security researchers. This fund supercharges bug bounties on BSC, by driving the community to adopt best practices while providing compelling incentives for more security researchers to participate in the BSC ecosystem at large.” said Mitchell Amador, CEO and Founder at Immunefi.
“It’s clear that this bug bounty fund will contribute to a bright future for BSC. As the major player in DeFi bug bounties, Immunefi is proud to do its part to ensure all participating projects get the very best bug bounty support available.” she added.
The BSC Accelerator fund will provide $3 million worth of BNB to support the initial batch of 30 dApps. From Q4 2021, a new BEP (Binance Chain Evolution Proposal) will request a percentage (circa 1%) of the daily block rewards to be dedicated to the bug bounty pool. The daily block rewards will be utilized to raise the remaining $7 million in BNB rewards. More information around the new BEP proposal will be provided on BSC’s official channels.
“This initiative shows strong commitment and responsibility. The BSC community needs to work together to continuously strengthen protocol security, improve risk controls, and lean towards a more proactive approach in terms of identifying and fixing potential vulnerabilities. As a blockchain security company, we’re excited to be involved and expect this initiative to help the community interact with more secured projects,” said Xuxian Jiang, CEO and Co-founder, PeckShield.
Registration for projects wishing to participate in the bug bounty program is open here.