"If you're not using Immunefi, you're not taking security seriously." - Jaynti Kanani, Polygon Co-Founder
Secure your project, sleep well at night, and show you take security seriously. Launch your bug bounty program with Immunefi.
Who We Are
Immunefi is the leading bug bounty and security services platform for Web3, which features the world’s largest bounties. Immunefi guards over $60 billion in user funds across projects like Synthetix, Chainlink, SushiSwap, MakerDAO, Wormhole, GMX, Alchemix, Nexus Mutual, and many others.
Immunefi is chain-agnostic: we host bug bounties for blockchain projects across all chains and networks.
What We Offer
We host bug bounties for blockchain projects by providing a platform to bring projects and hackers together, so that hackers can report bugs responsibly and projects can fix those vulnerabilities securely.
As part of that process, we offer:
The Whitehat Army
- Talent is scarce and hard to bring together, so we’re continuously growing the best Web3 and DeFi security experts in the industry to do an ongoing code review of your project. It’s not uncommon for security researchers to turn up vulnerabilities within minutes or hours of a bug bounty program going live.
A Secure Dashboard
- The Immunefi Bugs Platform is a secure and convenient way to receive bug reports
- Receive bug reports in the same place they are reported
- Manage all existing reports
- Multiple team members can be added
- Free for all Immunefi clients
PR and Comms Support
- We write highly viewed and shared bugfix reviews for vulnerabilities, reminding the crypto community how much your project takes security and responsibility seriously
- We advise on how to communicate about a patched vulnerability
- PR assistance depending on press coverage likelihood
How Does It Work?
Onboarding and Launch Process
- After clients fill out an Immunefi bug bounty onboarding form, they receive a questionnaire
- Immunefi begins drafting up a bug bounty program based on answers to those questions
- The draft is sent to clients for review
- After modifications are done, the process is handed over to Immunefi’s launch specialist
- The launch specialist works with the project’s marketing team to figure out the launch time and bounty PR/marketing details
How Fees and Payments Work
How much does hosting a bug bounty on Immunefi cost? The good news is that there’s no upfront cost. Projects only pay a 10% performance fee to Immunefi on top of the bug bounty award when hackers find real vulnerabilities.
- $0 onboarding and launch fee
- $0 maintenance fee
- $0 advisory fee for drafting the program
- 10% Immunefi performance fee (charged on top of the payout) for vulnerabilities found
- No deposits
- You can KYC if needed, but let us know in advance
- Projects set their own payout amounts
- Pay rewards in your own token/coin
Sounds Great, How Do We Sign Up?
If you’re a project looking to show your users and the world that you take responsibility and security seriously, sign up for a bug bounty here, and we’ll begin the onboarding process.
We aim to get back to all projects expressing interest within 5 business days.
The FAQ for projects is available on Immunefi Support.
Severity Classification Systems
Immunefi maintains a master list of severity classification systems used across our bug bounty programs for determining the severity level of bug reports. This list can be found here.