crypto-economy.com
Binance Smart Chain (BSC), a blockchain network developed by Binance, has launched a $10 million bug bounty program, Priority ONE, aiming to keep the BSC blockchain network secure by encouraging bug bounty hunters and ethical hackers.
Binance Smart Chain (BSC) team announced the launch of the bounty fund in a blog post on Monday, July 26th. According to the announcement, in the Priority ONE program, the BSC Accelerator Fund will establish a $10 million bounty pool that will “reward all bounty hunters for disclosing verifiable attack vectors or security flaws across up to 100 DApps.”
Initially, in July, BSC Accelerator Fund will establish a BNB bounty pool worth $3 million to support the initial 30 DApps. The rewards will be distributed on an individual basis based on the severity and exploitability of the discovered vulnerability, noted the announcement.
In October, the BSC core team will launch a BEP (Binance Chain Evolution Proposal) to the existing BSC validators that will try to get validators’ approval for dedicating a certain percentage of the daily block rewards toward the bounty pool. If this BEP passes, this will help the team to raise the announced $10 million in BNB rewards. With this, the Priority ONE program will support up to 100 DApps in total over the next 6-12 months.
According to the announcement, The BSC core team will manage the initial $3 million BNB bounty pool, review all disclosures, and assess the reward size. The Priority ONE program is for all projects building on BSC. To be eligible for the program, a project “must have at least two (2) audits or security certifications with a positive result from reputable security firms,” and fund at least $100K towards its bug bounty program.
The program will not directly reward bounty hunters. Instead, the Priority ONE program will reimburse bug bounties paid out by eligible participating projects as a part of their bug bounty programs. Each partner project can receive a maximum combined reward of $100K.
The details of the program note that the BNB bounty pool will reimburse up to 50% of the bounty reward for high and critical issues to the partner project. All high and critical vulnerabilities found by bounty hunters will be reviewed by PeckShield, CertiK, Immunefi, and/or the Binance security team.
The BSC team wrote:
“To ensure that the community can use Binance Smart Chain DApps in a safe environment, we will create an attractive joint bounty program for bounty hunters, white hats, and ethical hackers. This joint bounty program aims to continuously improve software security and lifecycle management, provide risk controls, and attract more proactive penetration testing to identify issues early.”