Armor Alliance Bug Bounty Challenge Launched with Immunefi

Mar 12, 2021


Immunefi is partnering with smart insurance aggregator Armor to launch the Armor Alliance Bug Bounty Challenge. This program provides matching bug bounty rewards for Armor partner protocols who host their bug bounties with Immunefi.

Bug bounties have exploded onto the DeFi scene as an effective method to: 1) properly compensate whitehats who disclose vulnerabilities, and 2) convince blackhats to act ethically.

This incentive structure, which offers rewards based on severity level to researchers who find vulnerabilities, has already saved numerous projects from critical, project-ending vulnerabilities.

The proof of concept is clear, and the evidence is in: bug bounties are positive-sum for the DeFi community, and it’s important for every project to have one as part of taking security and responsibility seriously.

Why it’s the Right Time to Launch the Armor Alliance

The Armor project itself is proof that bug bounties work, and the success of its bug bounty program is what prompted Armor to create the Armor Alliance Bug Bounty Challenge in the first place. In just the past month, Armor decided to host a bug bounty program on Immunefi and then increased its bounty for critical vulnerabilities to the highest DeFi had ever seen: 1 million $ARMOR tokens.

Within 24 hours, Ideamarkets CTO Alexander Schlindwein combed through the smart contract code before it went live, discovered a critical bug that would have drained Armor’s coverage pool of all funds, and received a life-changing reward for his efforts. In fact, it is the largest bug bounty in crypto ever paid out. You can read more about the postmortem of the Armor bug bounty here.

From the perspective of an insurance protocol, this kind of success means that every DeFi project should have a bug bounty program because it reduces the likelihood of a major insurance claim.

While not every bug bounty program surfaces a critical vulnerability within 24 hours like the Armor example, a high enough reward means that when hackers do find vulnerabilities — and given enough time they will find them — they are much more likely to take the reward, instead of draining the contract.

For this reason, Immunefi and Armor encourage partner protocols to adopt high-reward bug bounties, which Armor will match in the event of a payout.

A system of reward-matching makes sense because it helps to increase the incentives for responsible disclosure and decrease incentives for hacking protocols.

We believe that the best way forward is to design systems that prevent hacks before they happen.

How Does the Armor Alliance Bug Bounty Challenge Work?

The way the program works is simple:

  • Armor asks partner protocols to implement a bug bounty program on
  • Armor asks partner protocols to establish $50,000 as the minimum reward value for the most severe bugs
  • Armor will match those bug bounty rewards with the equivalent $ARMOR tokens in USD value. Any bug bounty program that offers at least a $50,000 bounty will be matched by up to $500,000 (in $ARMOR) from Armor. For example, if a partner protocol has a $50,000 bounty, Armor will match that $50,000 in $ARMOR, and that 1:1 matching scales all the way up to $500,000.

Armor will provide matching rewards only if the protocol is an accepted partner and the bug fits the predetermined criteria. As is a standard condition of Immunefi bug bounty programs, the size of the award depends on the severity level of the vulnerability.

How You Can Join

If you are covered through Armor, there is a simple, four-step process to getting a bug bounty program with Immunefi and having Armor match your bug bounty rewards:

  1. Visit to start customizing your fully-managed bug bounty program, then schedule a call at the end
  2. Ensure the minimum reward value for the most severe bugs is set at $50,000
  3. Immunefi, Armor, and your project will promote the Bug Bounty to respective communities
  4. Armor will then match those bug bounty rewards with the equivalent $ARMOR tokens in USD value, up to $500,000 (as long as the bug fits the predetermined criteria). $ARMOR token rewards vest linearly over 24 months, without exception.

For DeFi to really be the future of finance, it has to be proactive and prevent hacks from happening. Every hack reflects poorly on the DeFi community. We believe the Armor Alliance Bug Bounty Challenge moves DeFi in the right direction.

About Immunefi

Immunefi is the leading bug bounty and security services platform for DeFi, where projects secure their code and whitehats keep funds safe. Immunefi protects over $5 billion in user funds and has paid out millions of dollars in bug bounties, including the biggest bug bounty in history ($1.5m). Immunefi’s community of proven whitehat hackers, war room and crisis management expertise, and industry-leading secure disclosure platform make Immunefi a core part of the security stack for DeFi’s leading projects, such as Synthetix, ArmorFi, and BadgerDAO.

About Armor

Armor makes investing in DeFi as safe as possible with crypto-native, dynamic smart coverage aggregation. As a decentralized brokerage, Armor’s innovations provide on-demand, real-time coverage and non-custodial security solutions for user assets. Armor’s focus is on building an ecosystem of interoperable protocols and products to secure and scale mass adoption of DeFi both with institutions and individuals. Armor is a Decentralized Autonomous Organization (DAO) built on Ethereum. To learn more, see the fast start guide, or join Armor’s Telegram or Discord channel.
