We speak a lot about security these days because it’s one of the major challenges holding crypto back in further adoption. We believe it should be the number one topic for everyone, users and projects alike, because it doesn’t matter how innovative or unique a project is if it’s not secure.
Blockchain development, and dApps in particular, are evolving at an incredible pace, and the demand for experienced developers is much higher than the existing talent pool. It’s hard to find blockchain security specialists. The demand for digital security is tremendous across all industries, not just blockchain, and there are just not enough professionals in this field to cover everything.
To ensure that the community can use Binance Smart Chain dApps in a safe environment, we will create an attractive joint bounty program for bounty hunters, white hats, and ethical hackers. This joint bounty program aims to continuously improve software security and lifecycle management, provide risk controls, and attract more proactive penetration testing to identify issues early.
We aim to create a $10 million USD bounty pool that will reward all bounty hunters for disclosing verifiable attack vectors or security flaws across up to 100 dApps. The rewards will be fairly distributed on an individual basis based on the severity and exploitability of the discovered vulnerability.
Starting this month, BSC Accelerator Fund will establish a BNB bounty pool worth $3 million to support the initial 30 dApps.
In October, we aim to raise a new BEP (Binance Chain Evolution Proposal) proposal to the existing BSC validators with a request to dedicate a certain percentage (e.g., 1%) of the daily block rewards toward the bounty pool. If this BEP receives support from the validators, it should help us raise the final goal of $10 million USD in BNB rewards. The community can then use this to support up to 100 dApps in total over the next 6-12 months.
The BSC core team will manage the initial $3 million BNB bounty pool, review all disclosures, and assess the reward size. The pool will be used to boost bug bounties received by eligible disclosures.
The joint bounty pool works as following:
Please note: Multi-chain deployed dApps can receive reimbursement only for BSC-related disclosures.
This program is available to all projects building on the Binance Smart Chain that meet the following criteria:
The application process for the Priority ONE bug bounty is simple and takes just a few minutes. If you want to apply with your project, submit your application here.
If you're a white hat or security organization, we invite you to follow this program and explore the different bounty programs offered by projects building on the Binance Smart Chain network. Security is the top priority of all BSC ecosystem participants, and there are many attractive incentives that will reward you for your work.
We encourage you to follow the responsible disclosure process and work with respective projects on their security. Your contributions will not go unnoticed.