Decentralized oracle network provider Chainlink (LINK) recently announced that its Bug Bounty Program has been extended to the Immunefi platform, serving as a key opportunity to financially support its open-source development community while “improving the robustness of the Chainlink Network.”
If you’re interested in taking part in the Chainlink Bounty on Immunefi, you may join via this link: https://immunefi.com/bounty/chainlink/.
By working cooperatively with the security community, Chainlink users are able to receive greater “assurances” that the oracle network infrastructure their hybrid smart contracts depend upon is “redundantly” checked and tested by several different professional auditing firms. These services are also analyzed by the “wider” open-source community, which may have large financial incentives to “explore every line of code,” the announcement noted.
The main goal of expanding the Chainlink Bug Bounty Program onto Immunefi is to “ensure Chainlink’s core infrastructure is … more hardened and resilient against unexpected vulnerabilities.”
As mentioned in the update from Chainlink:
“As the most widely used Oracle solution across all major blockchain ecosystems, we take security measures extremely seriously and are always looking to increase the number of developers that review the Chainlink codebase to spot potentially unforeseen bugs or exploits. The end result is a safer DeFi ecosystem and smart contract economy as a whole, which is especially important given the increasing number of DeFi, NFT, Gaming, and Insurance dApps and data providers relying on Chainlink-powered decentralized oracle networks for external data and off-chain computation.”
Rewards for “responsibly” disclosing software or program bugs are distributed “according to the impact of the vulnerability, which is outlined in the Immunefi Vulnerability Severity Classification System,” the announcement stated.
As explained in the update, this is a “simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains.” Immunefi’s classification system aims to cover everything, such as the consequence of “exploitation,” the “privilege” needed, the likelihood or probability of a “successful” exploit, and more.
The announcement further noted that many leading DeFi projects are already leveraging the Immunefi bug bounty platform, including Synthetix, SushiSwap, Nexus Mutual, PoolTogether, and several others. Because of the high level of involvement, the Immunefi bug bounty platform is “collectively ensuring the protection of over $25B in user funds.”
The announcement clarified:
“We are most interested in mitigating any potential vulnerabilities regarding Chainlink’s Solidity-based smart contracts and Golang/TypeScript-based Chainlink core node software listed on the Chainlink GitHub. Any issues that would lead to the integrity of a Chainlink node or network being compromised, misreporting data, experiencing downtime, or resulting in a direct loss of funds are of the highest priority for responsible disclosure.”
The Chainlink team also mentioned:
“We are particularly interested in any reports affecting a Chainlink node through a publicly available surface, such as over the peer-to-peer network or using an on-chain request.”
By leveraging the “collective knowledge” and experience of the open-source community, the Chainlink Network can “continuously” increase its “tamper-resistance.” This improves its ability to “secure increasingly higher amounts of value for smart contracts, thereby allowing DeFi and other emerging blockchain-based industries to both remain secure today and scale successfully into the future,” the update explained.
If you’re interested in taking part in the Chainlink Bug Bounty programs, you can join any of the platforms it is running on, such as Immunefi, Gitcoin, and HackerOne. For developer support, you may review the Chainlink docs, view the Chainlink GitHub, or join the Chainlink Discord in order to ask more technical questions.