Multichain Collaborates with Immunefi to Launch a Bug Bounty Program

The role of white hat hackers cannot be overstated for open-source protocols like Multichain in the digital assets ecosystem. Multichain is proud of its staggering community of developers who work night and day to constantly review and verify the Multichain code to find potential security threats, bugs, or vulnerabilities. To enhance the security of the Multichain ecosystem further, we are launching a bug bounty program on Immunefi, with rewards as high as $2 million for critical bugs. The supplemental security layer enabled by the integration with Immunefi will make Multichain more resilient to vulnerabilities than ever.

This bug bounty program covers Multichain’s smart contracts, website and app, and is focused on preventing:

Rewards by threat level

Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2. This is a simplified 5-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported.

All web/app bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. All Critical Smart Contract bug reports require a PoC and a suggestion for a fix to be eligible for a reward. Explanations and statements are not accepted as PoC and code is required.

Critical smart contract vulnerabilities are capped at 10% of economic damage, primarily taking into consideration funds at risk, but also PR and branding aspects, at the discretion of the team. However, there is a minimum reward of USD 100 000.

All vulnerabilities marked in the security reviews are not eligible for a reward.

Payouts are handled by the Multichain team directly and are denominated in USD. However, payouts are done in USDC.

Assets in Scope

All smart contracts of Multichain can be found at However, only those in the Assets in Scope table are considered as in-scope of the bug bounty program.

If an impact can be caused to any other asset managed by Multichain that isn’t on this table but for which the impact is in the Impacts in Scope section, you are encouraged to submit it for the consideration of the project. This applies to only Critical and High impacts.

Prioritized Vulnerabilities

Impacts in Scope

Only the following impacts are accepted within this bug bounty program. All other impacts are not considered as in-scope, even if they affect something in the assets in scope table.

Smart Contracts

Websites and Applications

Out of Scope & Rules

The following vulnerabilities are excluded from the rewards for this bug bounty program:

Smart Contracts and Blockchain

Websites and Apps

The following activities are prohibited by this bug bounty program:

About Immunefi

Immunefi is a leading security services provider in Web3. It facilitates a platform that connects Web3 projects in need of watchdogs for their platform with white hat hackers, who get to monetize their expertise by finding potential bugs in the associated projects.

Immunefi can manage bug bounty programs for their clients so that they are able to find and fix bugs in an ethical, efficient, and safe environment that respects client discretion. The platform is used by leading Web3 projects like Synthetix, Compound, SushiSwap, and Chainlink.

About Multichain

Multichain was born as Anyswap on the 20th July 2020 to service the clear needs of different and diverse blockchains to communicate with each other. As a cross-chain infrastructure, Multichain facilitates interoperability across different networks and enables seamless transfers of assets and values. With a constantly growing family of non-EVM and EVM chains (now 36), Multichain is the leader in the cross-chain field.

Its sustained daily volume of more than $200 million, its Total Value Locked in excess of $6 billion and its thousands of daily users are testament to its popularity and security.



Multichain (Previously Anyswap)

Cross-Chain Router Protocol (CRP), an infrastructure for cross-chain interoperability, envisioned to be the ultimate router for Web3