Introduction
As a part of our ongoing effort to improve the security of our protocol, we are announcing the launch of a bug bounty program in partnership with Immunefi, the leading bug bounty and security platform for DeFi. Immunefi’s clients include Compound, Aave, Synthetix, Sushiswap as well as Thorchain, which started its $500k bounty program after the second attack of their hacking scandal.
The bug bounty focuses on BiFi’s smart contract security. During the program, white hat hackers will attempt to breach BiFi’s security to disclose vulnerabilities in the protocol and receive rewards for their discovery. By partnering with Immunefi, BiFi will continue to further improve the security of our ecosystem and the safety of our user funds.
Program Overview
The bug bounty program mainly focuses on potential vulnerabilities in our smart contracts. The following criteria are within the scope of our program:
- Thefts and freezing of the principal
- Thefts and freezing of the unclaimed yield
- Thefts and freezing of the governance funds
- Thefts and freezing of permission among contracts
- Manipulations of the contract functionality(DoS, Malicious Re-entrancy, etc.)
💡 Please refer to BiFi Bug Bounty Program page for details
Rewards
Rewards for detecting in-scope vulnerabilities will be distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System. All payouts are made by BiFi in BFC, ETH or Stablecoins (USDT, USDC) pegged to the USD amount of the reward.
- Critical — USD 100,000
- High — USD 20,000
- Medium — USD 500
- Low — USD 100
About Immunefi
Immunefi is the leading bug bounty and security services platform for DeFi. With $31 million in bounties currently available, the platform has thus far paid out more than $3 million and saved their clients $1 billion in losses. Its clients include notable names such as Compound, Aave, Synthetix, C.R.E.A.M. Finance, SushiSwap, PancakeSwap. Also, THORChain posted a $500k bug bounty on Immunefi after the second attack of its hacking scandal.
Resources
If you’re new to BIFROST and BiFi, get started here:
- BIFROST & BiFi Website
- Start Lending on BiFi
- New to BiFi? See BiFi Guide for Beginners
- BFC and BiFi Token
Stay Connected
- Join Our Telegram : Korea | Global | Vietnam | Japan | Indonesia | China
- Ask Us Anything: AMA Korea | AMA Global
- Get Social: Twitter (BIFROST) | Twitter (BiFi) | Facebook | YouTube| Reddit | Weibo