Cross-chain messaging protocol LayerZero and security platform Immunefi have teamed up to launch a $15 million bug bounty program.
The program offers rewards of up to $15 million to anyone who finds the most critical level of vulnerability. According to its terms and conditions, rewards are based on the Immunefi vulnerability severity classification system and are paid out based on vulnerability impact.
LayerZero is a chain-wide interoperability protocol that allows developers to interact with contracts across blockchains. In bug bounty programs, ethical hackers are rewarded for discovering and reporting application vulnerabilities and bugs. To be eligible for rewards, bug reports must include de a Proof of Concept (PoC) demonstrating the eventual impact on in-scope assets. According to the eligibility criteria, explanations and representations are not accepted as PoC and code are required.
Critical smart contract vulnerabilities reported on Ethereum, BNB Chain, Avalanche, Polygon, Arbitrum, Optimism, and Fantom pay $250,000 or 10% of the value at risk of the asset at the time of reporting, whichever is greater. For all other chains, payouts for critical vulnerabilities start at $25,000. Non-key rewards are based on internal criteria. Bounty hunters must also adhere to "know your client" standards, such as submitting copies of passports or government IDs and proof of address, as well as being screen ed by the US Office of Foreign Assets Control.
According to Immunefi, since its inception in 2020, more than 1,248 reports have been processed, with a total cryptocurrency bounty paid out as of December 2022 of $65,918,994.
Other software companies offering bug bounties of thousands of dollars include Microsoft, Intel and OpenAI. Microsoft provides up to $250,000 for serious errors. Intel's bug hunters can earn rewards of up to $100,000, while OpenAI offers rewards of up to $20,000 for exceptional discoveries.
