Decentralized Oracle network developer Chainlink (LINK) has expanded its software bug bounty program.
Chainlink says that, to ensure its decentralized Oracle Network continues to offer smart contracts access to a secure and reliable external data source, the Chainlink Bug Bounty Program has been extended to offer $100,000 in cash or LINK tokens for the “responsible disclosure” of critical vulnerabilities in the Chainlink codebase.
Chainlink bug bounties will reportedly be available via Gitcoin and HackerOne and will aim to support individual app developers and security engineering teams who intend to contribute to the “resilience” and “robustness” of the Chainlink Network.
By working cooperatively with the online security community, Chainlink users are offered “additional assurance” that the Oracle infrastructure their smart contracts depend upon has “not only been audited by multiple professional firms but has also been reviewed by numerous independent developers who have a large incentive to explore every line of code.” This “expansion of financial support for the Chainlink Bug Bounty Program applies to all existing bounties across multiple marketplaces,” the announcement revealed.
The Chainlink Gitcoin Bounty Program is accessible here: https://gitcoin.co/issue/smartcontractkit/chainlink/3239/100023497
The Chainlink HackerOne Bounty Program can be found here: https://hackerone.com/chainlink
The main goal of extending this Bug Bounty Program is to increase support for the “whitehat” developer and security community for their “continuous hard work, as well as ensure Chainlink’s core infrastructure can become even more robust and resilient against potential vulnerabilities.”
As mentioned in the update by Chainlink:
“As the most widely used decentralized oracle solution in the smart contract space, we take security measures extremely seriously, and are always looking to increase the number of eyes that are reviewing the Chainlink codebase as a means of further protecting user funds and the DeFi ecosystem as a whole.”
Through this particular program and initiative, Chainlink says it’s “most interested” in addressing possible vulnerabilities related to the Solidity-powered smart contracts and Golang/TypeScript-based Chainlink “core node” software modules.
Chainlink added that any issues or problems that could result in the integrity of a Chainlink node or network being “compromised” should be addressed. Other serious, high-priority issues may include misreporting data, experiencing downtime, or the “direct loss of funds.”
For reports directly impacting a Chainlink node via a publicly accessible surface (like over the p2p network or using an on-chain request), the program will offer an “additional bonus.”
“By leveraging the powerful ability of the open-source community to come together and collectively review a common codebase, the Chainlink Network continues to improve in tamper-resistance, ensuring it can continue to scale up in total value secured and protect the DeFi ecosystem today and well into the future.”
Chainlink recently revealed that after more than a year of development and many different security audits, their Off-Chain Reporting (OCR) has now launched on mainnet. This marks a key milestone in the “scalability” of Chainlink’s “decentralized” Oracle networks. OCR considerably enhances the overall efficiency of how data is “computed” across different Chainlink Oracles, lowering operating costs by as much as 90% and “enabling the Chainlink Network to accelerate the development of universally connected smart contracts both in DeFi markets and across various other industries.”