Axie Infinity maker floats bug bounty program after $600 million Ronin hack

Sky Mavis, the studio behind the popular Axie Infinity game, has floated a bug bounty to unearth security vulnerabilities in its ecosystem following the theft of over $600 million from its Ronin network.

Announced on Tuesday, the bug bounty covers two categories covering both smart contracts and web-related issues. Rewards for vulnerabilities with the ecosystem’s blockchain and smart contract infrastructure will range from $1,000 to $1,000,000 depending on the severity.

Some of the prioritized smart contract vulnerabilities listed by Sky Mavis include re-entrancy, oracle manipulation, and signature malleability, among others. Other bugs the team wants white hat hackers to look into include authentication errors, flash loan attacks, and susceptibility to front running.

Bugs in the web or app interface will see rewards between $50 to $15,000, also depending on the severity. The Sky Mavis team said it may also award additional bonuses for exceptional bug reports.

The blockchain gaming studio will pay bug bounties in its AXS token. Fatal bounties that command a $1 million reward will include a vesting requirement with a six-month tenure. This means that recipients will only be able to liquidate a specified portion of the funds per month.

Sky Mavis’ bug bounty announcement is the latest step taken since the Ronin hack. In March, an attacker was able to drain $600 million from the Ronin bridge.

Other actions taken since the hack include replacing the validators compromised in the attack. Sky Mavis has also raised $150 million as part of the restitution for users affected by the incident.