Nexus Mutual Bug Bounty Matching Program


The Nexus Mutual community has allocated $600,000 to its bug bounty matching program with Immunefi.

The details of the program and eligibility are straightforward:

  • First, a project has to have an active bug bounty program on Immunefi

  • Second, the project must be on the approved list below, i.e. have cover from Nexus Mutual and meet certain other criteria

  • Third, the bug bounty matching program only applies to vulnerabilities rated as critical

The maximum amount of funds available for matching is $600k. Projects with more than $8m in active cover on Nexus Mutual are eligible for matching up to $600k. Projects that have cover between $2m-$8m are capped at $200k per matching payout.

According to the Snapshot proposal, the matching ratio is a $1 matching payment for every $2 on the critical bug bounty, which will incentivize projects to increase the size of their bug bounties and motivate them to take security seriously.

Matching bug bounty payouts deliver cost effective value to members when the matching payout is less than potential claim payouts on a certain percentage of a project’s active cover amount.

The Nexus Mutual core team has determined the following bug bounty programs on Immunefi to be eligible and pre-approved for matching payouts, which is viewable in the Nexus Mutual spreadsheet here. The spreadsheet is updated every Sunday.