PancakeBunny, through its collaboration with Immunefi, has stepped up efforts to improve its platform security through a bug bounty program offering staggering rewards.
PancakeBunny, a popular decentralized finance yield aggregator on Binance Smart Chain (BSC), was exploited a month ago, resulting in a 97% price dip. This attack has raised many concerns, especially for decentralized finance (DeFi) protocols that rely heavily on smart contracts. Seeking to make amends for the previous exploit, PancakeBunny partnered with Immunefi to offer an attractive bug bounty program that boasts rewards of up to half a million dollars to successful participants.
Immunefi is a leading bug bounty platform for the blockchain, with more than $20 million in rewards available on its various bounty programs. Bounty programs encourage participants to contribute to the security of platforms on the blockchain by identifying threats and vulnerabilities. The reward is based on the category of risk identified by the successful participant.
The purpose of bounty programs is to reward ‘whitehats’ who successfully disclose vulnerabilities in the platform. Whitehats are ethical hackers who are permitted to expose cybersecurity vulnerabilities to prevent future exploitation. They are the opposite of ‘blackhats,’ hackers who aim to exploit vulnerabilities for personal benefit. Most of the time, a blackhat's purpose is to commit theft.
The bounty program is focused on specific areas of vulnerability on the platform. These usually cover the smart contract and the application. The main focus areas include theft of funds, governance disruption, flash loan attacks, oracle manipulation, and reentrancy attacks.
Immunefi has developed a vulnerability severity classification system that uses a scale to categorize the consequence of exploitation and the likelihood of a successful exploit. The category of impact ranges from critical to none. An example of a critical bug would be a situation where the contract’s holdings can be drained. Flash loan attacks are one such example. Other categories of bugs may not impact the assets held in the smart contract.
To be eligible for the reward, users must submit reports with a Proof of Concept (PoC). Serious vulnerabilities will be classified as ‘critical’ if they impact $100,000 of assets or greater. If a report is classified as high but has an impact of $100,000 or greater, it gets reclassified as ‘critical.’
For reports on the smart contract and blockchain, the rewards for the tiers are as follows:
Critical Level — USD $500,000
High Level — USD $40,000
Medium Level — USD $5,000
Low Level — USD $1,000
There are two main conditions to the program. The vulnerabilities must specifically relate to the list of assets, and the impact must be one specified in the program. Web and app vulnerabilities that directly affect the assets listed in the table are accepted for the bug bounty reward. Other discrepancies found would be classified as out-of-scope. A reference for the listed assets is provided in this link.
Impacts that are accepted in the program are specific and limited to the following:
1. Thefts and freezing of principal of any amount
2. Thefts and freezing of unclaimed yield of any amount
3. Theft of governance funds
4. Governance activity disruption
1. Redirected funds by address modification
2. Site goes down
Immunefi’s Armor Alliance
Bug bounty programs launched on Immunefi are entitled to the Armor Alliance Bug Bounty Challenge, run by a smart insurance aggregator. This program matches the bounty reward for Armor’s partners that host their bounty program with Immunefi. The incentive structure encourages DeFi protocols to launch bug bounty programs to decrease the risk of potential exploits. The idea is that, if the bounty is big enough, it will encourage potential hackers to make responsible disclosures and claim the incentives rather than draining the contract.
The entire bounty exercise is innovative and important because it prioritizes safety. Taking safety seriously should be the main feature of all DeFi protocols. Bug bounty programs are a responsible practice for any protocol that is susceptible to exploits. The partnership with Armor creates more incentives for a concerted effort from the community hunting for the lucrative bounty. It is a win-win situation for all parties.
What is PancakeBunny?
PancakeBunny is a decentralized cross-chain yield aggregator. The platform, which runs on both Ethereum and Binance Smart Chain networks, uses various strategies and rewards to enable investors to optimize their yields. PancakeBunny is one of the largest yield aggregators across ETH and BSC. The platform is used for both PancakeSwap (CAKE) and Venus (XVS). The project hopes to launch on Polygon (MATIC) soon.
Source : bsc