Announcing The Immunefi Vaults System

Immunefi
Sep 26, 2023


Today, we’re launching a new Vaults System that enables projects to deposit assets into their own sovereign vault to pay bug bounty rewards.

SSV and Ref Finance are joining us as the first two projects to deploy vaults, with SSV depositing a huge $1 million into their vault to demonstrate that they have funds specifically allocated to paying out whitehats.

And even more projects are set to launch their vaults this week.

Any project on Immunefi is eligible to sign up for a Vault. It’s free, and it takes just 10 minutes. It’s simple.

With the Vaults System, projects on Immunefi can:

  • Deposit funds into their own vault to show whitehats they have sufficient assets to pay out bounties.
  • Make payments easier by rewarding a security researcher on-chain and paying Immunefi’s fee in a single transaction.
  • Boost trust with security researchers to increase the number of top-tier bug reports.

In this first release, the feature list is simple and straightforward:

  • Our Vaults System is built using the Safe multisig smart contract, one of the most battle-tested contracts in the industry.
  • Our security is strong: the contracts have been audited internally and externally, and we have a fully transparent bug bounty program.
  • Projects are the only ones who can access and interact with their Vault.
  • Projects can deposit stablecoins, ETH, or any other asset on the Uniswap token list.

Using the new Vaults System, projects and whitehats can connect their wallets and conduct the bounty payout entirely on-chain inside the Immunefi Dashboard. That means no more painful, manual payments.

The Vaults System is the next evolution of web3 bug bounties.

When we first started Immunefi with bug bounties in the millions of dollars, we received a lot of questions about whether those bounties were real. Prior to Immunefi, bug bounties almost didn’t exist at all in web3, and almost no web2 bug bounty program came anywhere close to the individual reward amounts listed on our site. No one had ever heard of million-dollar+ rewards.

Security researchers are a naturally skeptical bunch. It’s what makes them good at their craft.

So in the beginning, some researchers even directly contacted the projects to confirm that the bug bounties were real.

They were real, and that skepticism has faded as we’ve facilitated more than $80 million in payouts to whitehats.

But even now, questions persist about whether projects have enough money to pay out large bounties and how seriously they take security. These aren’t wrong questions to ask. Anyone can see that some projects in web3 care about security and others don’t at all. But sometimes you can’t tell. And this introduces uncertainty.

This uncertainty has been holding back talented security researchers from spending even more time delivering high-quality vulnerability reports that save projects from life-threatening hack damage.

This is where the new Vaults System comes in. We’re releasing this system as just the first milestone on the way to creating the ultimate web3 bug bounty platform.

There are many more features and possibilities that we are exploring for the near future, including trust assurances, yield generation, and more.

This is just the beginning.

As elite whitehats become more and more selective about the bounty programs they choose to hunt on, setting up a vault and depositing some amount of funds is an excellent way to build trust with the whitehat community.


Immunefi is the premier bug bounty platform for smart contracts, where hackers review code, disclose vulnerabilities, get paid, and make crypto safer.