Immunefi aims to decentralize the web3 bug bounty space by launching an on-chain vaults system.
The move is designed to foster greater transparency and trust between platform participants, enabling crypto projects to deposit assets into their own sovereign vault to pay bug bounty rewards to security researchers, according to a statement released today.
Immunefi hopes the upgrade will boost participation from the community and improve the bug-hunting experience. “We're releasing the first version of our Vaults System, primarily focused on proof-of-assets and providing a frictionless payment experience for bounty programs,” Immunefi founder and CEO Mitchell Amador said. “This allows us to take a responsible first step, meticulously test everything and ensure that our Vaults work at the infrastructure level.”
How Immunefi’s on-chain vaults work
The on-chain vaults are built using the Safe (formerly Gnosis Safe) multisig smart contract and have undergone an internal audit at Immunefi and an external audit with Ourovoros.
Projects maintain exclusive access to their vaults and can make bug bounty deposits in stablecoins, ether or any asset listed on Uniswap, Immunefi said. Immunefi provides rewards in USDC, according to its website.
Projects and whitehats can connect their web3 wallets to securely manage the bounty payout, including platform fees, entirely on-chain via the Immunefi Dashboard. Users can check if the funds allocated to bounties are sufficient before submitting bug reports, Immunefi said.
SSV Network deposits $1 million into sovereign vault
Immunefi’s vaults system is already used by ether staking infrastructure project SSV Network and Near-based decentralized exchange Ref Finance, according to the statement. SSV Network has deposited $1 million into its sovereign vault.
“The Vaults System will help us provide added reassurance for any researcher engaging with our bounty program, and in turn help secure the protocol even further. A good win-win,” SSV DAO contributor Eridian said. “Building further trust with the community by showcasing dedicated funding, and streamlining the payment process, will ultimately strengthen our security efforts.”
Immunefi says it has paid out more than $80 million in bounties and saved over $25 billion in user funds across protocols like Chainlink, The Graph, Synthetix and MakerDAO.
Last month, Immunefi said web3 platforms lost over $1.2 billion in 2023 as Base projects added to crypto exploits in August.
© 2023 The Block. All Rights Reserved.