Immunefi, the leading bug bounty and security services platform for web3 protecting over $60 billion in user funds, has announced the launch of its on-chain Vaults System, representing its first milestone in creating the ultimate bug bounty platform and streamlining the relationship between projects and whitehats.
The Vaults System will increase transparency and trust between projects and security researchers by enabling projects to deposit assets into their own sovereign vault to pay out bug bounty rewards. This will allow projects to demonstrate to whitehats via the Immunefi UI that they have allocated sufficient funds to pay bounties and streamline the payment process. With the Vault System, projects can also reward whitehats on-chain and pay Immunefi’s fee in a single transaction. The Vaults System will reshape Immunefi’s bug hunting experience, resulting in increased commitment from the security researcher community and more top-tier bug reports submitted.
Immunefi’s Vaults System is built using the Safe multisig smart contract, one of the most battle-tested contracts in the industry. The contracts have undergone internal and external audits and feature a fully transparent bug bounty program. Only projects can access and interact with their vaults, depositing stablecoins, ETH, or any other asset on the Uniswap Token Lists. Using the new Vaults System, projects and whitehat hackers can connect their wallets and securely conduct the bounty payout entirely on-chain within the Immunefi Dashboard.
"We're releasing the first version of our Vaults System, primarily focused on proof-of-assets and providing a frictionless payment experience for bounty programs. This allows us to take a responsible first step, meticulously test everything, and ensure that our Vaults work at the infrastructure level," said Mitchell Amador, Founder, and CEO at Immunefi. "As we move forward, we envision the Vaults System will ultimately redefine the web3 bug bounty experience as we know it."
The Vaults System is launching with SSV Network, an easy-to-use and scalable infrastructure solution for decentralizing Ethereum validators, which will use dedicated sovereign vaults to pay their bounty rewards and Ref Finance, the first automated market maker (AMM) and decentralized exchange (DEX) on NEAR.
SSV is leading with a $1 million deposit into its sovereign vault, representing a big commitment to taking security seriously.
“The Vaults System will help us provide added reassurance for any researcher engaging with our bounty program, and in turn help secure the protocol even further. A good win-win.” said Eridian, SSV DAO Contributor. “Building further trust with the community by showcasing dedicated funding, and streamlining the payment process, will ultimately strengthen our security efforts.”
Reshaping The Bug-hunting Experience
Immunefi has paved the way for a dramatic repricing of bug bounties in web3, where they have quickly become the largest in the entire software industry. Incentives to exploit projects in web3 are significantly greater than in web2 due to the amount of capital locked in smart contracts. Web3 is a far more adversarial environment where vulnerabilities in code can result in a direct loss of this capital. The ecosystem has lost over $3.9 billion in 2022, and $1.2 billion in 2023 YTD. An effective and reliable incentivization system for hackers in web3 is crucial.
Immunefi is the largest and most widely adopted bug bounty platform in web3. It is trusted by established, multi-billion dollar projects like Chainlink, Wormhole, MakerDAO, TheGraph, Synthetix, and more. Immunefi has saved over $25 billion in user funds and has paid out over $80 million in total bounties. The platform now supports over 300 projects across multiple crypto sectors and collectively offers over $150 million in bounties to whitehat hackers. Immunefi has also facilitated the largest bug bounty payments in the history of software, including $10 million for a vulnerability discovered in Wormhole, and $6 million for a vulnerability discovered in Aurora.
Immunefi is the leading bug bounty and security services platform for web3, which features the world’s largest bounties. Immunefi guards over $60 billion in user funds across projects like Chainlink, Wormhole, MakerDAO, TheGraph, Synthetix, and others. The company has paid out the most significant bug bounties in the software industry, amounting to over $80 million, and has pioneered the scaling web3 bug bounties standard. For more information, please visit https://immunefi.com/.