Immunefi and Zellic are partnering up to build a more secure Web3! Zellic is a security research firm with deep expertise in blockchain security. Their security researchers’ background in traditional infosec and competitive hacking enables them to discover hidden vulnerabilities and develop novel research. For this reason, they’ve earned the reputation as the go-to security firm for teams whose rate of innovation outpaces the existing security landscape. By pairing Zellic’s services with those of Immunefi, the leading bug bounty platform on Web3, you can rest easy knowing that your proje ..read more

Summary On September 28, 2023, the security researcher @KoiushSec submitted a critical vulnerability to Alchemix via Immunefi, which consisted of missing solvency checks at liquidation. At the time of the submission, the vulnerability would have allowed an attacker with significant upfront capital to create over 7k of unbacked alETH in 2 hours (equivalent to $11,662,140 USD), if it had gone unnoticed. It is noted that this vulnerability cannot be performed with a flash loan, but requires significant investment from the attacker itself. After receiving Koiush’s report, the bug was quickly ..read more

On September 12th, 2023, the security researcher LonelySloth responsibly disclosed a Critical severity vulnerability from the Aztec Network codebase via Immunefi. The vulnerability was a multiple-spend error that would have allowed an attacker to drain the entire total value locked (TVL) of the project if left unchecked, targeting approximately $5,000,000 in funds at the time of the report. Thanks to the responsible disclosure by the whitehat and the Aztec Labs team’s lightning-quick response, the issue was quickly mitigated and no funds were affected. LonelySloth was awarded a $450,000 ..read more

Today, we’re announcing Boosts for Bug Bounties, enabling projects to secure their new code by boosting whitehat interest to hunt on their protocol with greater rewards, support, and glory. Mark your calendars for our first bug bounty boost: DeGate! Starting November 20th till December 4th — the DeGate bug bounty is getting a boost, with $350,000 USD available for Critical and High severity bugs on top of a guaranteed reward pool of $50,000 USD out for grabs by all participants who hunt on their brand new code. DeGate will also be holding a technical walkthrough and Q&A on the s ..read more

Immunefi Managed Triage — 24/7 Premium Triaging Service for your Bug Bounty Program Having your project on Immunefi can attract a significant amount of attention and interest from the web3 security community. But when it comes time to assess those reports on your own as a project, it can be a significant challenge. In your organization, time is money. The time invested in individually reviewing reports can often be more effectively allocated to enhancing business processes, promoting growth, or other areas of greater value. Additionally, it necessitates a specialized skill set and knowle ..read more

Introduction Until now, security researchers in the web3 space have faced a unique challenge in proving their worth to the world. Without a structured framework to showcase their skills, many researchers have had to rely heavily on gathering blockchain data to prove their expertise and track record. This process is time-consuming and cumbersome, whether they’re looking to secure solo audit clients or land choice security positions within a protocol. We are changing that today with the launch of the Immunefi Whitehat Awards, a formalized way for security researchers to measure their bug bo ..read more

Summary On July 15th, the whitehat @F4lt responsibly disclosed a high severity vulnerability to Sui’s bug bounty program through Immunefi. This vulnerability had the potential to cause a significant disruption by enabling an attacker to crash the validator nodes of the Sui blockchain, resulting in a temporary total network shutdown. Fortunately, thanks to the whitehat’s swift discovery and report via Immunefi, the Sui team was able to quickly remediate the issue. Thanks to the quick actions of both the whitehat and the protocol, the interrupted. Whitehat @F4lt was awarded a bounty of $50 ..read more

Summary On August 11, 2023, whitehat GothicShanon89238 submitted a critical vulnerability to Balancer via Immunefi, which consisted of a rounding error of ERC4626LinearPools combined with flashSwap. At the time of the submission, all value in Boosted Pools could be drained by the attack, which was 20% of Balancer’s $1 billion TVL at the time. Balancer quickly took measures to remediate the bug after receiving GothicShanon89238’s report. Both Balancer and the whitehat collaborated on an effective solution to mitigate the vulnerability by performing all possible mitigation measures, disclos ..read more

Today, we’re launching a new Vaults System that enables projects to deposit assets into their own sovereign vault to pay bug bounty rewards. SSV and Ref Finance are joining us as the first two projects to deploy vaults, with SSV depositing a huge $1 million into their vault to demonstrate that they have funds specifically allocated to paying out whitehats. And even more projects are set to launch their vaults this week. Any project on Immunefi is eligible to sign up for a Vault. It’s free, and it takes just 10 minutes. It’s simple. With the Vaults System, projects on Immunefi&n ..read more

Introduction In the early days of crypto, you could easily subsist without knowing or using more than just one “home” chain. But today, multi-chain has become the dominant paradigm. Web3 is formed out of hundreds, if not thousands of blockchains, each one with its own features, aims, and goals. With each new addition, the web3 ecosystem is becoming more complicated. With the addition of interaction between both emergent and mature chains, Web3 security has become a complex and multilayered issue, especially when dealing with Layer 1’s, Layer 2’s, Layer 3’s, and even Layer 0 blockchains. I ..read more