We speak a lot about security these days because it’s one of the major challenges holding crypto back from further adoption. We believe it should be the number one topic for everyone, users and projects alike, because it doesn’t matter how innovative or unique a project is if it’s not secure.
Blockchain development, and dApps in particular, are evolving at an incredible pace, and the demand for experienced developers is much higher than the existing talent pool. It’s hard to find blockchain security specialists. The demand for digital security is tremendous across all industries, not just blockchain, and there are just not enough professionals in this field to cover everything.
Introducing “Priority ONE” bounty program
To ensure that the community can use Binance Smart Chain dApps in a safe environment, we will create an attractive joint bounty program for bounty hunters, white hats, and ethical hackers. This joint bounty program aims to continuously improve software security and lifecycle management, provide risk controls, and attract more proactive penetration testing to identify issues early.
We aim to create a $10 million USD bounty pool that will reward all bounty hunters for disclosing verifiable attack vectors or security flaws across up to 100 dApps. The rewards will be fairly distributed on an individual basis based on the severity and exploitability of the discovered vulnerability.
Funding schedule for 100 dApps
Starting this month, BSC Accelerator Fund will establish a BNB bounty pool worth $3 million to support the initial 30 dApps.
In October, we aim to raise a new BEP (Binance Chain Evolution Proposal) with the existing BSC validators, requesting that a certain percentage (e.g., 1%) of the daily block rewards be dedicated to the bounty pool. If this BEP receives support from the validators, it should help us reach the final goal of $10 million USD in BNB rewards. The community can then use this to support up to 100 dApps in total over the next 6-12 months.
How does the joint bounty pool work?
The BSC core team will manage the initial $3 million BNB bounty pool, review all disclosures, and assess the reward size. The pool will be used to boost bug bounties received by eligible disclosures.
The joint bounty pool works as follows:
- The pool will top up the bounty reward paid out by eligible projects for high and critical issues by up to an extra 50%.
- All high and critical disclosures will require review by PeckShield, CertiK, Immunefi, and/or the Binance security team. The eligibility of the bounty is up to the discretion of the BSC Core team.
- Each partner project can receive a combined reward of $100,000 max per year.
Please note: Multi-chain deployed dApps can receive reimbursement only for BSC-related disclosures.
Who can apply for the Priority ONE bug bounty program?
This program is available to all projects building on the Binance Smart Chain that meet the following criteria:
- The project must have at least two (2) audits or security certifications with a positive result from reputable security firms.
- The project must show a serious dedication towards improving their security and fund at least $100,000 USD towards their bug bounty program (internal or 3rd party such as Immunefi).
The application process for the Priority ONE bug bounty is simple and takes just a few minutes. If you want to apply with your project, submit your application here.
If you're a white hat or security organization, we invite you to follow this program and explore the different bounty programs offered by projects building on the Binance Smart Chain network. Security is the top priority of all BSC ecosystem participants, and there are many attractive incentives that will reward you for your work.
We encourage you to follow the responsible disclosure process and work with respective projects on their security. Your contributions will not go unnoticed.