Immunefi Launches THORChain Bug Bounty Program

Immunefi, a bug bounty marketplace and middleman service, has launched a THORChain program that will incentivize hackers to find and properly disclose vulnerabilities in the protocol code.

Why this is Important

Bounty programs with large value payouts encourages white and grey-hats to responsibly disclose vulnerabilities, and is a win-win for both the hacker and protocol.

Blackhat hackers mix their tokens through services like Tornado in order to avoid repercussions, and must always look over their shoulder in fear of being caught.

Going through official channels allows hackers to get paid legitimately, and prevents the protocol from getting exploited in a live environment.

• The program offers a maximum single bounty of $500,000 with a total pool of $2,000,000.
• Payouts are based on a severity classification system that pays larger rewards for more severe flaws.
• The reward is also dependent on the value of funds that can be exploited.
• The Tendermint application and Solidity vulnerabilities in the ETH router smart contract are eligible.

What Led to This

The THORChain team is doubling-down on security in wake of the recent exploits.

Chaosnet was designed to attract hackers with real-world funds, and while this month’s attacks were difficult for the community, they have exposed the protocol’s vulnerabilities and give the developers a path forward for hardening the network.

The Good News

With Immunefi, Halborn, and TrailOfBits all auditing the THORChain protocol, users can begin to regain confidence in the network.

The team has reassured users that no funds will be lost, and the chain is expected to begin producing blocks again soon.

This will allow liquidity providers and node operators to continue to receive block rewards as the audits are in progress, but trading will be halted indefinitely.

‍