/

Proposals

XIPsIRsWGCsRCsTRFs
Back to all TRFs
TRF-3

Immunifi Bug Bounty

authorEgor
statusImplemented
created2024-05-30

Summary

Infinex has approved an Immunifi bug bounty program with a maximum bounty of $1,000,000 USD.

Overview

Immunefi bug bounties are one of the most effective mechanisms for securing production code. By approving a $1,000,000 bounty Infinex is incentivising white-hats to prioritise the review of Infinex's production system.

Rationale

Securing production infrastructure requires a holistic approach, including testing and audits prior to deployment, as well as incentivised bounties post deployment. Immunefi is the industry leading bug bounty platform which aims to attract the best white-hat hackers to properly disclose bugs for a fee.

Outcome

The Immunefi bounty program is live and can be found here: https://immunefi.com/bug-bounty/infinex/

The program includes a variety of critical, high, medium and low level risks Infinex will reward, a high level summary is outlined below:

Rewards are based on the Immunefi Vulnerability Severity Classification System V2.3.

Critical Level Reports

  • Reward Amount: 10% of the directly affected funds, up to USD 1,000,000.
  • Minimum Reward: USD 50,000 to incentivise reporting.
  • Calculation Basis: Based on the time and date of the bug report submission.

Repeatable Attack Limitations

  • Upgradeable/Pausable Contracts: Only the initial attack is considered for a reward.
  • Non-Upgradeable/Pausable Contracts: Cumulative impact of repeatable attacks is considered, capped at the maximum critical reward.

High Level Reports

  • Theft/Permanent Freezing: Rewards range from USD 5,000 to USD 10,000, depending on the funds at risk.
  • Temporary Freezing: Reward doubles from the full frozen value for every additional 24 hours of freezing, up to the high reward cap.

Reward Payment Terms

  • Payouts: Handled directly by the Infinex team, denominated in USD, but paid in USDC at the team's discretion.

Treasury has approved a maximum bounty of $1,000,000 USD to Immunefi and will periodically review this bounty and increase it as needed or the TVL of the platform grows.

Specification

The most recent and up to date specification can be found on the immunefi platform under Infinex Bounty.

https://immunefi.com/bug-bounty/infinex/

Contribute to Proposals on GitHub