During the Paris event ETHCC, the Cryptonomist sat down to talk with Immunefi, the bug bounty and security services platform for smart contracts and web3 crypto projects.
Can you tell me more about the numbers of bounties and hacks averted?
We’ve facilitated the payout of over $80 million in bounties to whitehats. These include record-breaking payouts like $10 million for a vulnerability discovered in Wormhole, a generic cross-chain messaging protocol, and $6 million for a vulnerability discovered in Aurora, a bridge and a scaling solution for Ethereum.
Currently, we have over 320 bounty programs available on Immunefi that collectively offer $158 million in rewards available to whitehats. As a result of the vulnerabilities submitted through our system, we’ve saved more than $25 billion in user and protocol funds from being hacked.
How does your service work?
Immunefi is a bug bounty and security services platform for smart contracts and web3 projects, where security researchers review code, disclose vulnerabilities, and get paid. Immunefi removes security risk through bug bounties and comprehensive security services. We were the first to introduce a scaling incentive for hackers, meaning rewards grow accordingly with the severity of an exploit and the volume of funds at risk. Thanks to that, Immunefi has built the largest community of security talent in the crypto space.
Immunefi receives a fee of 10% on top of the amount paid to the security researcher. The whitehat hacker receives their full reward – the payment to Immunefi is in addition to that amount and helps pay for its platform and expertise.
Who are your clients?
The company’s primary clients are web3 protocols, dApps, DAOs, and both layer one and layer two blockchains. Some of the most prominent web3 protocols use Immunefi to run their bounty programs, including established, multi-billion dollar projects like Chainlink, Wormhole, MakerDAO, TheGraph, Synthetix, and more. Together they hold over $60 billion in user funds, representing a major target for blackhat hackers.
Which are the most frequent types of hacks?
The most frequent types of bugs and hacks we see:
- Improper input validation
- Incorrect calculation
- Oracle/price manipulation
- Weak access control
- Replay attacks/signature malleability
- Rounding errors
- Reentrancy
- Frontrunning
For more information, see our most recent post here.