26th July 2021 –– Binance Smart Chain, the leading DeFi and NFT infrastructure has launched its first ever security fund to invest in bug bounty programs for projects building on top of BSC. The initiative encourages participation from bounty hunters, ethical hackers, and security experts.
The fund aims to safeguard the interests of users by providing a sound environment and continually improving the security standards of protocols. The initiative is directed at refining the lifecycle management of BSC users and decreasing project exploits. Eligible projects will receive advanced risk management controls and proactive penetration testing to identify vulnerabilities at an early stage.
“The shortlisted projects for the bug bounty will be open for continuous testing. With more experts identifying specific vulnerabilities and evaluating dApps regularly, there’s more to explore; BSC community will work together to check every nook and corner of the target and leave no room for potential exploits.” — Julian Tan, BSC Community Coordinator
Successful bounty hunters will be rewarded from the $10M fund for disclosing verifiable attack vectors and security flaws. This includes, but is not limited to:
- Smart Contracts/Blockchain/Cryptographic flaws
- Logic Errors
- Financial/Economic attacks
- Susceptibility to block timestamp manipulation
- Novel governance attacks
- Congestion and Scalability
- Oracle failure/manipulation
A complete documentation/proof-of-concept and step-by-step analysis must be submitted by reporters for the bug bounty programs of BSC projects. The rewards will be fairly distributed based on the severity and exploitability of the subject.
All high priority and critical disclosures will be reviewed by a well-defined evaluation process involving BSC ecosystem contributing partners like PeckShield, CertiK, Immunefi, and the Binance Security team. Eligible projects can receive up to $100K in bug bounty funds as a supplement to their own bounty program.
“Bug bounties are a core pillar of the DeFi security stack, providing both a compelling disclosure incentive for mainnet contracts and attracting new security researchers. This fund supercharges bug bounties on BSC, by driving the community to adopt best practices while providing compelling incentives for more security researchers to participate in the BSC ecosystem at large.” said Mitchell Amador, CEO and Founder at Immunefi.
“It’s clear that this bug bounty fund will contribute to a bright future for BSC. As the major player in DeFi bug bounties, Immunefi is proud to do its part to ensure all participating projects get the very best bug bounty support available.” she added.
BSC Accelerator funds will provide 3M USD worth of BNBs to support the initial batch of first 30 dApps. In Q4, a new BEP (Binance Chain Evolution Proposal) will request a percentage (approx. 1%) of the daily block rewards to be dedicated to the bug bounty pool. The daily block rewards will be utilized to raise the remaining $7 million in BNB rewards. More information around the new BEP proposal will be provided on BSC’s official channels.
“This initiative shows strong commitment and responsibility. The BSC community needs to work together to continuously strengthen protocol security, improve risk controls, and lean towards a more proactive approach in terms of identifying and fixing potential vulnerabilities. As a blockchain security company, we’re excited to be involved and expect this initiative to help the community interact with more secured projects.” — Xuxian Jiang, CEO and Co- founder, PeckShield.
The application process for projects wishing to participate in the bug bounty program is live. For more information please check the preview of the official announcement (Announcement will go live at 7 PM SGT, 26th July).
About Binance Smart Chain
Binance Smart Chain is a sovereign smart contract blockchain delivering Ethereum Virtual Machine (EVM) compatible programmability. Designed to run in parallel with Binance Chain, Binance Smart Chain retains the former’s fast execution times and low transaction fees while adding Smart Contracts functionality to support compatible dApps. For more information on Binance Smart Chain, please visit https://www.binance.org