Join the Immunefi Discord serverLet's do it
18 February 2021
Robert Forster, CTO of ArmorFi, a smart insurance aggregator for DeFi which provides Pay as You Go and Only Pay What You Owe ᴰᵀᴹ coverage for user funds across various protocols, is interested in securing the wider Ethereum ecosystem by encouraging responsible disclosures to prevent catastrophic hacks on any project on Ethereum. In light of the success from ArmorFi’s bug bounty program where Alexander Schlindwein (@bobface16) from IdeaMarkets disclosed a critical bug via Immunefi, Robert Forster is launching the R Bounty program with a reward of 250 000 ARMOR.
The bug bounty program covers critical smart contract bugs across the Ethereum ecosystem according to the Immunefi Vulnerability Severity Classification System that could result in the immediate loss of the equivalent of at least USD 1 million.
The fine print: Robert Forster, CTO of ArmorFi, provides R Bounty as a service to the Ethereum community. Robert Forster and the ArmorFi team receive no compensation for any of its activities under the R Bounty program. Robert Forster, ArmorFi, and Immunefi cannot guarantee a response from the affected project for bugs submitted through the R Bounty program.
The scope of the R Bounty program is only around smart contract bugs of projects on Ethereum that could result in the loss of a total of at least USD 1 million worth of user funds, either by loss of access or by theft.
Robert Forster will reward successful disclosures with 250 000 ARMOR, with 25 000 ARMOR upfront and the remaining 225 000 ARMOR vested over 6 months.
If a project has an existing bug bounty program, or if the project decides to reward you as well, you’ll get the full payout reward they have for the critical bug in addition to the reward in ARMOR.
Here’s a list of the vulnerability types that the program accepts to give you a better idea on what R Bounty is able to support. However, this is by no means an exhaustive list of all vulnerabilities that are accepted in the program. Note that only the vulnerability types under “Smart Contracts and Blockchain” are accepted.
The following vulnerabilities are not accepted by our Disclosure Assistance program, as well as all web and app vulnerabilities.
We also generally do not work with bug reports that have violated any of our standard rules:
Join our whitehat community and get notified when new bounties launch on the platform