Immunefi Matching Bug Bounty Program: Renewal and Expansion

By BraveNewDeFi, published in Nexus Mutual, Apr 12, 2022

Nexus Mutants recently approved the renewal and expansion of the Immunefi matching bug bounty program by a unanimous vote. Funding for the matching bug bounty program has been increased from $200,000 to $600,000, and these funds will be used to provide greater incentives for whitehat hackers to review code and disclose critical vulnerabilities for protocols listed in the Nexus Mutual dApp.

Nexus Mutual is on a mission to protect a greater percentage of DeFi users against the major risks present in on-chain markets. Our community began working with Immunefi in 2021 to create the matching bug bounty program, which started on a trial basis with $200,000 in funding for nine protocols whitelisted for the program.

In March 2022, Nexus Mutual paid the first matching bug bounty in the amount of $200,000 to a whitehat hacker who disclosed a critical vulnerability in Yearn Finance’s USDT strategy. The whitehat hacker received a total of $400,000 for disclosing this vulnerability before it could be exploited.

After the demonstrated success of this program, members voted to renew and expand the matching program with Immunefi. To be eligible for the program, projects must meet the following requirements and terms:

  1. Projects must have an active bug bounty program on Immunefi.
  2. Matching applies only to bug bounties with a critical threat level rating.
  3. Nexus Mutual will provide $1 in matching funds for every $2 offered for critical vulnerability disclosures.
  4. Total payouts are capped at $600,000, tiered by a project's active cover amount:
     • Matching up to $600,000 for projects with greater than $8m in active cover
     • Matching up to $200,000 for projects with active cover between $2m and $8m

The terms of this program have been adjusted to expand the program, make more listed projects eligible for matching payouts, and create greater incentives for projects to offer larger critical bug bounties. Matching bug bounty payouts deliver cost-effective value to members when the matching payout is less than the potential claim payouts on a certain percentage of a project’s active cover amount.

Immunefi’s whitehat community operates as a marketplace for attention. Through our partnership, the mutual is offering increased rewards for experienced and novice whitehat hackers to direct their attention to the codebases of protocols listed in the Nexus Mutual dApp. This benefits Immunefi’s whitehat community, users of listed protocols, and the wider DeFi ecosystem.

The Nexus Mutant community looks forward to strengthening our relationship with the leading bug bounty and security services platform for Web3 to make the ecosystem safer for everyone. Whether you are a DeFi power user or a multi-billion dollar protocol, Nexus Mutual has you covered.

Is your protocol interested in the Nexus Mutual Bug Bounty Matching Program? Sign up with Immunefi and get integrated with Nexus.

About Nexus Mutual

Nexus Mutual is the leading provider of on-chain coverage for productive crypto assets. The mutual is a decentralized alternative to insurance that returns power back to members by allowing individuals to share risk, underwrite cover, participate in governance, and assess claims. The mutual was the first protocol to offer on-chain coverage for productive assets and the only DeFi coverage protocol to compensate users affected by loss events with more than $4.75m in claim payments. Nexus Mutual currently protects crypto assets worth $436.3m+ and is trusted by institutions and retail users alike.

About Immunefi

Immunefi is the leading bug bounty and security services platform for Web3, which features the world’s largest bounties. Immunefi guards over $100 billion in users’ funds across projects like Nexus Mutual, Chainlink, SushiSwap, PancakeSwap, Bancor, Cream Finance, Compound, Alchemix, Synthetix, and others. The company has paid out the most significant bug bounties in the software industry, amounting to over $20 million, and has pioneered the scaling DeFi bug bounties standard.
