Date: October 26th, 2021 at 6:09 pm UTC
As you might have read in our latest article, we’re fierce on safety. As blockchain’s first OS, we need to constantly prioritize the security of our code. That’s why we teamed up with Immunefi, DeFi’s leading bug bounty platform.
A bug bounty is a financial incentive to independent bug bounty hunters who discover security vulnerabilities and weaknesses in systems. Through Immunefi, Cartesi gives $500,000 in rewards to find bugs to keep our code reliable for all users – additional rewards are also available to earn in the program. When bounty hunters report valid bugs, we compensate them. That way, we can identify security flaws before bad actors do.
Bug bounty hunters are so-called ethical hackers who may be eligible for a bug bounty if they successfully discover and report a vulnerability or issue to Cartesi. Immunefi is a bug bounty program that improves the security posture of systems over time by leveraging the hacker community. Immunefi has the largest bug bounties on any platform. Since the start of this year, they’ve already paid out over $2,000,000 in bounties.
A disclosure report is filled out by hackers whenever they discover a defect; it describes how the defect impacts the software and the severity of the problem. Through Immunefi, the bug bounty hunter provides our developers with step-by-step directions for reproducing and validating the issue. This is the most essential step in the process. After the bug is discovered by our developers, a cash reward is offered to the hacker. In general, payouts range from a few thousand dollars to millions of dollars, depending on the severity of the problem.
Our developers will assign priority to newly received bug reports and begin resolving them as soon as possible. The bug is retested by developers to guarantee that it has been fixed. For DeFi projects with smart contracts, rewards will be assigned according to Immunefi’s classification system, which uses a simple 5-level scale.
Cartesi believes anyone should earn a relevant income in the new decentralized world we’re building. With Immunefi, hackers can look for bugs as a full-time source of income or use it to supplement their current income. Through Immunefi, bug bounty hunters earn financial rewards and can get public recognition for finding and reporting problems. Some use it as a method to land their first job and to demonstrate real-world experience.
With Immunefi, bug bounty hunters can find programs that best match their skills. They offer experts the chance to solve the most fascinating puzzles in the world, of which DeFi vulnerabilities are the most high-stakes challenges.
Because of the complexity of DeFi code, even very experienced developers need to learn about it. Immunefi has a Learn section where bug bounty hunters can read about blockchain, smart contracts, what kinds of vulnerabilities exist in smart contracts, and most importantly, how to find them. For bug bounty hunters, Immunefi has a very clear dashboard to file the bug report and to include a working proof of concept.
During this new bug bounty program, we work closely with Immunefi and their wider open-source security community to identify and patch any vulnerabilities found in Cartesi’s staking system. In particular, this includes thefts and freezing of principal of any amount, thefts and freezing of unclaimed yield of any amount, governance activity disruption, website downtime, user data leaks, and access to sensitive pages without authorization.
Interested people can access Immunefi’s Bug Bounty program here.
Immunefi is the go-to platform for DeFi projects looking to protect their code while also rewarding ethical hackers. To date, Immunefi has secured over $25 billion in customer funds while also rewarding bug bounty hunters with millions in cash, including the largest bug bounty in history ($2 million). For DeFi’s most important projects, Immunefi’s community of proven white hat hackers is essential to the security stack. Immunefi also has war room and crisis management skills as well as an industry-leading secure disclosure platform.
Cartesi is the first OS on the blockchain, and our Layer-2 solution integrates Linux and standard programming environments with blockchain. This allows developers to code scalable smart contracts with the rich software tools, libraries, and services they are used to.
Cartesi bridges the gap between mainstream software and blockchain, welcoming millions of new startups and their developers to blockchain by bringing Linux to blockchain applications. Cartesi combines a groundbreaking virtual machine, optimistic rollups, and side-chains to revolutionize the way developers create blockchain applications.