PolyBunny Prioritizes Security with $250,000 Bug Bounty

PolyBunny, a yield farming aggregator and optimizer on the Polygon network, is joining Immunefi with a $250,000 bug bounty to invite whitehats to test its code and restore community confidence in the wake of a recent hack.

PolyBunny suffered an exploit on July 16 that saw the price of polyBUNNY drop to $2 after exploiters minted 2.1m of the token. The bug has now been patched, and the team is taking steps to identify the exploiters. It is also working to regain the trust of its community by creating a compensation plan and following the DeFi security stack, which includes launching a bug bounty on Immunefi.

Hacks in crypto are a fact of life, but they don’t have to define projects.

We’re pleased to see PolyBunny join the platform to reward security researchers who disclose vulnerabilities in exchange for big payouts and big status. We can confirm: bug bounty programs work, and we’ve helped save hundreds of millions of user funds in 2021.

A bug bounty program is a signal that a team takes security and responsibility seriously and prioritizes the safety of its users. It’s also a win-win for everyone involved. Bug bounties help projects, users, researchers, developers, and, importantly, the wider DeFi community. The future of finance won’t achieve its true potential unless we all do our part to help make it secure.

The bug bounty program covers PolyBunny’s smart contracts and apps and is focused on receiving bug reports of the following impacts and attacks:

  • Thefts and freezing of principal of any amount
  • Thefts and freezing of unclaimed yield of any amount
  • Theft of governance funds
  • Governance activity disruption
  • Website going down
  • Flashloan attacks
  • Oracle Manipulation attacks
  • Reentrancy attacks

A critical smart contract vulnerability is worth $250,000, and a high vulnerability is worth $40,000.

To report vulnerabilities and view more details of the assets in scope and program rules, please see PolyBunny’s bounty page on Immunefi.

In response to the exploit, the Mound Team has also made security their top priority across all of their projects. They have revised their launch protocols to use the pre-launch audit period to make their products available on the testnet and to implement bug bounty programs to invite whitehats to evaluate the contracts ahead of the release of their projects on the mainnet. Qubit is the first product to be released under the new protocol, and the team has added Qubit to the Immunefi platform to identify potential vulnerabilities ahead of the planned launch in early September.

To report vulnerabilities and view more details of the assets in scope and program rules, please see Qubit’s and PolyBunny’s bounty pages on Immunefi.