To ensure the Chainlink Network continues to provide smart contracts access to a highly secure and reliable source of external data, we are excited to announce that the Chainlink Bug Bounty Program is being extended to now provide $100,000 in cash or LINK for the responsible disclosure of critical vulnerabilities in the Chainlink codebase. Chainlink bug bounties will be available through Gitcoin and HackerOne, supporting individual developers and teams of security engineers who contribute to the resilience and robustness of the Chainlink Network.
By continuing to work closely with the security community, we give Chainlink users additional assurance that the oracle infrastructure their smart contracts rely upon has not only been audited by multiple professional firms, but has also been reviewed by numerous independent developers who have a large incentive to explore every line of code. This expansion of financial support for the Chainlink Bug Bounty Program applies to all existing bounties across multiple marketplaces, including:
- The Chainlink Gitcoin Bounty Program: https://gitcoin.co/issue/smartcontractkit/chainlink/3239/100023497
- The Chainlink HackerOne Bounty Program: https://hackerone.com/chainlink
The primary goal of expanding the Chainlink Bug Bounty Program is both to increase our support of the whitehat developer and security community for their continuous hard work and to ensure Chainlink’s core infrastructure can become even more robust and resilient against potential vulnerabilities. As the most widely used decentralized oracle solution in the smart contract space, we take security measures extremely seriously, and are always looking to increase the number of eyes that are reviewing the Chainlink codebase as a means of further protecting user funds and the DeFi ecosystem as a whole.
Through this program, we are most interested in mitigating any potential vulnerabilities in the Solidity-based smart contracts and the Golang/TypeScript-based Chainlink core node software. Any issue that would compromise the integrity of a Chainlink node or network, cause it to misreport data or experience downtime, or result in a direct loss of funds is of the highest priority. Furthermore, for reports affecting a Chainlink node through a publicly available surface (e.g. over the p2p network or using an on-chain request), we will provide an additional bonus.
By leveraging the powerful ability of the open-source community to come together and collectively review a common codebase, the Chainlink Network continues to improve in tamper-resistance, ensuring it can continue to scale up in total value secured and protect the DeFi ecosystem today and well into the future.
Please join the Chainlink Bounty Program on Gitcoin or on HackerOne. For direct outreach to Chainlink developer support, join our Discord. Follow the @chainlink official Twitter channel and the @Smart_Contract Twitter channel for updates on everything Chainlink.