THORChain's bug bounty program with Immunefi has been updated and will now pay up to $1,000,000 for critical vulnerabilities.
.@THORChain's bug bounty program with @immunefi has been updated. The program will now pay up to $1,000,000 for Critical vulnerabilities. Reduced criticality levels have been introduced to important issues such as accounting and consensus failure. Read: https://t.co/vpOjiSIt7Y
— THORChain #THORFI (@THORChain) May 4, 2022
The bug bounty program covers its smart contracts and core THORChain functionality, and is focused on receiving critical bug reports covering impacts as stated in the Impacts in Scope section. Vulnerabilities below the Critical severity level are not accepted under the bug bounty program.
Nine Realms has joined the efforts to triage and verify vulnerabilities of this bug bounty program.
In order to qualify for the reward, a Proof of Concept (PoC) must be included. Exploited vulnerabilities, as well as known issues, are not eligible for a reward.
Additional information on payouts:
Smart Contract Levels:
Critical: Loss or lockup of funds
High: Codepath that causes a Chain Halt via a consensus failure, panic, or otherwise
Medium: Accounting issues, LP/Bond invariants, incorrect disbursement of rewards, etc.
Payouts are handled by the THORChain treasury in coordination with the THORChain team and are denominated in USD.