Binance Smart Chain has launched a $10 million bug bounty fund, called ‘Priority One’, for projects built on top of the protocol. The purpose of the initiative is to enhance the security of the blockchain network by encouraging ethical hackers and bug bounty hunters to find loopholes. Bug bounty hunters and security experts now have an incentive to help the Binance Smart Chain (BSC) developers secure their network. The BSC project revealed on Monday that ‘Priority One’ is a $10 million fund that has been set aside for projects that are built on top of the protocol.
According to the announcement, the purpose of the initiative is to reduce project exploits and refine lifecycle management for BSC users. Eligible projects will be able to leverage risk management schemes and proactive penetration testing. The coordinator of the BSC community, Julian Tan, explained that the possibility of future exploits will shrink with the help of these types of evaluations. In a statement, Tan said that the projects shortlisted for the bug bounty will be tested continuously. He said that with a greater number of experts evaluating decentralized apps regularly and identifying specific vulnerabilities, there will be more to explore.
The BSC community will work together to check every nook and cranny of the target and will not leave any possibility for potential exploits. All the bounty hunters who comb the BSC protocol for security flaws and vectors will be given a reward for their disclosures. The types of vulnerabilities they can help identify include logic errors, novel governance attacks, congestion and scalability, smart contract, blockchain and cryptographic flaws, oracle manipulation and failure, economic and financial attacks, and susceptibility to block timestamp manipulation.
Submissions must include a completed proof-of-concept, and a step-by-step guide should be used to describe the vulnerability. The rewards will depend on the severity assessment of the issue discovered by the ethical hacker. CertiK, PeckShield, Immunefi and the Binance Security team are also helping out the BSC. Mitchell Amador, the founder and chief executive of Immunefi, said in the announcement that big bounties are an essential element of the security stack of decentralized finance (DeFi). He said that they attract new security researchers and also provide a compelling incentive for disclosure for mainnet contracts.
He said that this fund will supercharge bug bounties on the Binance Smart Chain because it will drive the community to follow best practices and also provide excellent incentives for a greater number of security researchers to participate in the Binance Smart Chain ecosystem as a whole. This is certainly not a new tactic, as a number of companies in other industries, particularly the tech sector, have used the lure of bug bounties to strengthen their security. The social media giant Facebook routinely introduces such programs to find loopholes in its systems.