In November 2023, we launched the first-ever Bounty Boost on Immunefi with DeGate.
Immunefi Bounty Boosts are special, time-limited events that supercharge the reach and visibility of our bounty programs to our whitehat community.
For a two-week period, the DeGate Boost offered a $50k rewards pool on top of the regular bounty rewards paid for every valid bug. Although no strictly “valid” bugs were found, we decided to reward this pool to the very best, highest-quality submissions.
The Boost also featured a dedicated support channel for technical questions with a project member from DeGate, ensuring swift feedback within 24 hours for all bug reports, an aspect of the experience we found that was highly valued by whitehats. Immunefi also provided its Managed Triaging service for the duration of the Boost to give whitehats a premium experience.
With the technical livestream walkthrough event on Nov 20, we kicked off the event, and a literal army of whitehats started scanning the code, looking for any trace of vulnerabilities.
In less than a week, the engagement level was “octupled”, or more than 8x the average level of activity for a bug bounty program.
In total, there were:
- 192 submitted reports
- 92 unique whitehats
- 3x as many reports from 2x as many unique whitehats for DeGate during the Boost as compared to DeGate’s regular bounty stats since their launch on Immunefi in early 2023
The bar for this challenge was set high as the code was a fairly battle-tested, modified OpenZeppelin library. Although no truly valid vulnerabilities were discovered during the Boost, some of the submissions were of excellent quality, and 35 out of the total 192 whitehats were rewarded with a share of the $50k prize pool.
The Leaderboard
Interesting facts:
- Out of the top 5%, half were submitted by SRs with 5 or fewer total reports ever on Immunefi!
- More than 2/3rds of the top reports were from SRs with no prior paid reports. This will be their first-ever payment!
- These SRs representing the top 18% of reports will be splitting $50k in prize money — and 1/5th of them are submitting on Immunefi for the first time.
We’ve also uploaded the raw bug report text of every single paid report to the DeGate Boost repository on Immunefi, which is available here.
Congratulations to DeGate for hosting the first Bug Bounty Boost, and for all whitehats who participated and submitted their best, high-quality bug reports.
Work on the next Bounty Boosts has already begun!
Whitehats, which projects do you want to see most with Immunefi Boosts in 2024? Be sure to post and tag them on Twitter/X, let them know that you want boosts.
We have an exciting 2024 planned for you, so stay tuned, and get ready to flex those bug hunting instincts again soon.
