- Compound Finance launches a bug bounty program with Immunefi, offering up to $1M in rewards for finding vulnerabilities.
- Rewards for identifying critical bugs in Compound’s code can reach $1M, with payouts made in COMP tokens.
- The bug bounty program follows a security breach in Onyx Protocol, reinforcing Compound’s commitment to DeFi security.
DeFi lending protocol Compound Finance has kicked off its bug bounty program with Immunefi, a technology company. Being one of the biggest bug bounty programs in the world, the program pays out the maximum of $1 million for a bug that affects the platform’s code.
Compound Finance Bug Rewards
Immunefi disclosed on the 12th Dec that it is inviting security researchers to join its bug bounty program with the aim of pinning down flaws in the Compound protocol. Bounties will be a function of the severity of the bug – with maximum payout of up to $1M for critical bugs. Severities of above average vulnerability will be paid starting at $500 while less severe vulnerabilities will be paid at $1000. All payments will be made in COMP tokens, and although these tokens are valued in USD, the dollar amount will be clear. This move shows that Compound Finance remains dedicated to protecting the Decentralized Finance environment from risks.
Launched in 2017 with Robert Leshner and Geoffrey Hayes as its founders, Compound Finance is among the most popular projects in the field of decentralised lending and borrowing. It allows users to get passive income on their crypto assets or borrow funds without the involvement of the third party. In the past, Compound has been able to secure big name investors such as Andreessen Horowitz (a16z), Bain Capital Ventures, and Polychain Capital. It works on several blockchains such as Ethereum, Polygon and Arbitrum thus positioning itself well within the DeFi space.
Strengthening Security with Bug Bounty
The bug bounty program was revealed after an incident related to Onyx Protocol, a fork of Compound. In October 2023, a vulnerability resulting from Compound code was used, and the system lost $2.1 million. The attack occurred due to a known rounding problem within the code of the protocol. Compound Finance has not faced such direct cases, yet one has to prevent such scenarios from happening.
In this regard, Compound Finance has made an essential step to prevent possible threats and, therefore, has declared the start of this bug bounty program. In order to ensure that users keep the platform safe, the platform has just launched a bug bounty program where security researchers will be rewarded for their efforts towards preventing future attacks in the DeFi space.
