Multichain Collaborate with Immunefi to Launch a Bug Bounty Program
The role of white hat hackers cannot be understated for open-source protocols like Multichain in the digital assets’ ecosystem. Multichain is proud of its staggering community of developers who work night and day to constantly review and verify the Multichain code to find potential security threats, bugs, or vulnerabilities. To enhance the security of the Multichain ecosystem further, we are launching a bug bounty program on Immunefi, with rewards as high as $2 million for critical bugs. The supplemental security layer enabled with the integration with Immunefi will make Multichain more resilient to vulnerabilities than ever.
This bug bounty program is focused on Multichain’s smart contracts, website and app and is focused on preventing:
Rewards by threat level
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2. This is a simplified 5-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported.
All web/app bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. All Critical Smart Contract bug reports require a PoC and a suggestion for a fix to be eligible for a reward. Explanations and statements are not accepted as PoC and code is required.
Critical smart contract vulnerabilities are capped at 10% of economic damage, primarily taking into consideration funds at risk, but also PR and branding aspects, at the discretion of the team. However, there is a minimum reward of USD 100 000.
All vulnerabilities marked in the security reviews are not eligible for a reward.
Payouts are handled by the Multichain team directly and are denominated in USD. However, payouts are done in USDC.
Assets in Scope
All smart contracts of Multichain can be found at https://github.com/anyswap. However, only those in the Assets in Scope table are considered as in-scope of the bug bounty program.
If an impact can be caused to any other asset managed by Multichain that isn’t on this table but for which the impact is in the Impacts in Scope section, you are encouraged to submit it for the consideration of the project. This applies to only Critical and High impacts.
Impacts in Scope
Only the following impacts are accepted within this bug bounty program. All other impacts are not considered as in-scope, even if they affect something in the assets in scope table.
Websites and Applications
Out of Scope & Rules
The following vulnerabilities are excluded from the rewards for this bug bounty program:
Smart Contracts and Blockchain
Websites and Apps
The following activities are prohibited by this bug bounty program:
Immunefi is a leading security services provider in Web3, it facilitates a platform that connects Web3 projects in need for watchdogs for their platform and white hat hackers, who get to monetize their expertise by fiding potential bugs in the associated projects.
Immunefi can manage bug bounty programs for their clients so that they are able to find and fix bugs in an ethical, efficient, and safe environment that respects client discretion. The platform is used by leading Web3 projects like Synthetix, Compound, SushiSwap, and Chainlink.
Multichain was born as Anyswap on the 20th July 2020 to service the clear needs of different and diverse blockchains to communicate with each other. As a cross-chain infrastructure, Multichain facilitates interoperability across different networks and enables seamless transfers of assets and values. With a constantly growing family of non-EVM and EVM chains (now 36), Multichain is the leader in the cross-chain field.
Its sustained daily volume of more than $200 million, its Total Value Locked in excess of $6 billion and its thousands of daily users are testament to its popularity and security.