Be the First to Know
Subscribe to the Wormhole newsletter for exclusive updates.
Developers
Ecosystem
26 Sep 2022
•2 min read
Share:
As many of you already know, Wormhole hosts two of the largest bug bounty programs in existence, with top-end payouts of $10,000,000 USDC for the most critical of bug classes. You can find more details about those programs here.
A topic of regular discussion among Wormhole project contributors is how the program can be made better. The contributor base truly understands the strategic value that bug bounty programs have in complementing the Wormhole security program. We also have the opportunity to work with some of the best white-hacker hackers in the world, so we asked them…
What is the most important change you’d like to see to the bug bounty program? And oddly enough, the signal was crystal clear…
“Offer a pre-release bounty program that makes scopes available before mainnet”
When you run a bug bounty program, you need to define what specific items are in scope. And up to this point, the only in-scope areas for Wormhole have been smart contracts and guardian code deployed for mainnet. So the ask essentially is to have this new functionality available within the bug bounty before this code is fully deployed for mainnet.
We wanted to highlight some of the benefits this would have to various stakeholders of Wormhole:
As the incentives are well aligned, we are announcing today the launch of the Wormhole Bug Bounty Pre-Release program. This program aims to maintain the same reward structure as if a bug was found on mainnet, but with additional benefits of bugs being discovered before they are deployed on mainnet.
The following new chain integrations are now added as pre-release bug bounty scopes and are available for white-hat hackers to start claiming bounties today:
We’re excited about this new chapter in the evolution of the Wormhole bug bounty program and look forward to all parties involved reaping the benefits mentioned above. We’re also really open to new and innovative ways to push the bounty program forward, so if you have feedback, please reach out to a community manager on Discord -OR- find and report a bug and let us know!
Until next time, happy hacking, and thank you all for your contributions to keeping Wormhole safe and secure!
Here’s your chance to get in on this one.
Take a deep dive into our ever-evolving discussion on xChain technologies, new feature announcements, research, and more.