Expanding the Chainlink Bug Bounty Program to Immunefi
We are excited to announce that the Chainlink Bug Bounty Program has been extended to the Immunefi platform, serving as an opportunity to financially support their open-source development community while improving the robustness of the Chainlink Network. If you want to participate in the Chainlink Bounty on Immunefi, join using the following link: https://immunefi.com/bounty/chainlink/
By working even closer with the security community, Chainlink users get greater assurances that the oracle network infrastructure their hybrid smart contracts rely upon has not only been redundantly checked and tested by multiple professional auditing firms but also analyzed by the wider open-source community, who have large financial incentives to explore every line of code.
The primary goal of expanding the Chainlink Bug Bounty Program onto Immunefi is to ensure Chainlink’s core infrastructure is even more hardened and resilient against unexpected vulnerabilities. As the most widely used oracle solution across all major blockchain ecosystems, we take security measures extremely seriously and are always looking to increase the number of developers that review the Chainlink codebase to spot potentially unforeseen bugs or exploits. The end result is a safer DeFi ecosystem and smart contract economy as a whole, which is especially important given the increasing number of DeFi, NFT, Gaming, and Insurance dApps and data providers relying on Chainlink-powered decentralized oracle networks for external data and off-chain computation.
Rewards for responsibly disclosing bugs are distributed according to the impact of the vulnerability, which is outlined in the Immunefi Vulnerability Severity Classification System. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains. Immunefi’s classification system encompasses everything, including the consequence of exploitation, the privilege required, the likelihood of a successful exploit, and more. Numerous leading DeFi projects are already leveraging the Immunefi bug bounty platform, such as Synthetix, SushiSwap, Nexus Mutual, PoolTogether, and many more. As a result, the Immunefi bug bounty platform is collectively ensuring the protection of over $25B in user funds.
We are most interested in mitigating any potential vulnerabilities regarding Chainlink’s Solidity-based smart contracts and Golang/TypeScript-based Chainlink core node software listed on the Chainlink GitHub. Any issues that would lead to the integrity of a Chainlink node or network being compromised, misreporting data, experiencing downtime, or resulting in a direct loss of funds are of the highest priority for responsible disclosure. Additionally, we are particularly interested in any reports affecting a Chainlink node through a publicly available surface, such as over the peer-to-peer network or using an on-chain request.
By leveraging the collective knowledge and experience of the open-source community, the Chainlink Network is able to continuously increase its tamper-resistance. This improves its ability to secure increasingly higher amounts of value for smart contracts, thereby allowing DeFi and other emerging blockchain-based industries to both remain secure today and scale successfully into the future.
If you want to participate in any of the Chainlink Bug Bounty programs, we encourage you to join any of the platforms they run on, including Immunefi, Gitcoin, and HackerOne. For developer support, read the Chainlink docs, check out the Chainlink GitHub, or join the Chainlink Discord to ask technical questions.