Immunefi, Trail of Bits, Solana Foundation launch web3 ‘Rekt Test’

Quick Take

  • Immunefi, Trail of Bits, Solana Foundation and others are launching “The Rekt Test” — a baseline security standard for web3.
  • The Rekt Test covers seven critical security requirements, including key management, incident response, code security and external audits — helping users assess the quality of projects before interacting with them.

Bug bounty security platform Immunefi is launching “The Rekt Test” — a baseline security standard for web3 — in partnership with cybersecurity firm Trail of Bits.

The test guides web3 projects through a set of questions designed to ensure they adhere to a minimum level of security performance. The results enable users and investors to more easily evaluate the quality of a project before engaging with it, according to a statement.

The Rekt Test covers seven security assessments: system documentation and roles; key management and access control; incident response and crisis management; team and personnel security; code security and testing; external audits and vulnerability management; and attack mitigation and user protection.

The test is also a collaboration with Solana Foundation, Fireblocks and Ribbit Capital. It was developed by a group of web3 security experts including Mitchell Amador, founder and CEO at Immunefi; Dan Guido, co-founder and CEO at Trail of Bits; Lee Mount, head of EulerSwap at Euler Finance; Shahar Madar, head of security products at Fireblocks; and Ribbit Capital representatives, Immunefi said.

The state of web3 security

“The state of web3 security is still largely immature and of poor quality,” Immunefi added, citing its recent report claiming that over $3.9 billion was lost to hacks and scams in web3 last year. With the large amount of capital in the ecosystem providing an incentive for attackers to exploit web3 projects through code vulnerabilities, private key thefts and social engineering, setting security standards was crucial, Immunefi said.

“The Rekt Test is a crucial standard for ensuring that web3 projects are operating at a minimum baseline of security performance,” Amador said. “We see devastating, unnecessary losses caused by private key thefts and social engineering alone that can be mitigated by having an established and proactive approach to security requirements.”   

Last week, Immunefi said it had been inundated with ChatGPT-generated web3 security reports since OpenAI launched the tool in November.

Correction: Removed references to Polygon Labs and the DeFi Education Fund, which said they were not involved in the project.

© 2023 The Block. All Rights Reserved.