Last updated:
Journalist
Hassan Shittu
Journalist
Hassan Shittu
Share
Why Trust Cryptonews
Ad Disclosure
We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships.
Compound Finance, a leading decentralized finance (DeFi) protocol, has launched a $1 million bug bounty program in collaboration with blockchain security platform Immunefi.
This initiative aims to strengthen the security of its protocol and foster trust in its ecosystem by incentivizing researchers to identify vulnerabilities.
The bug bounty program, announced on December 12, invites security researchers to uncover flaws in Compound’s systems. The payouts are based on the severity of the vulnerabilities discovered and can range from $1,000 for low-risk issues to $1 million for critical exploits.
These rewards will be paid in COMP, Compound’s native token.
How Confident Is Compound Finance on Their Security?
Compound Finance, founded in 2017 by Robert Leshner and Geoffrey Hayes, operates as an algorithmic money market platform. It enables users to borrow and lend cryptocurrencies while earning or paying interest rates determined by supply and demand. Compound has attracted backing from notable investors such as Andreessen Horowitz and Bain Capital Ventures.
The launch of this bug bounty program follows a significant year for Compound, particularly as DeFi has faced heightened scrutiny following high-profile exploits.
For instance, in October 2023, a fork of the Compound protocol, known as Onyx Protocol, suffered a $2.1 million exploit due to a known vulnerability in its inherited code.
While Compound itself has not encountered a direct exploit of this nature, the event is a close warning for Compound, which resulted in heightened security, such as in this newly launched bounty program.
Compound’s latest protocol iteration, Compound III, also introduces streamlined features that enhance scalability and efficiency.
These latest security developments also ensure the robustness of its infrastructure, maintaining user trust and safeguarding billions in total value locked (TVL).
Bug Bounty Program Details
The bug bounty program aims to engage a global network of security researchers to scrutinize its systems by leveraging Immunefi’s platform, which provides easy access.
The reward structure is tiered, with critical vulnerabilities offering payouts of up to $1 million or 10% of affected funds, whichever is lower.
This structure ensures that the most severe threats, such as those enabling theft or freezing of funds, are addressed swiftly and effectively.
The Compound DAO will handle payouts, with USD-denominated rewards converted into COMP tokens based on average market prices at the report submission time.
The program also includes safeguards for repeatable attacks, where compromised smart contracts cannot be paused or upgraded. In such cases, the reward will be calculated based on the total cumulative damage, ensuring comprehensive coverage for potential threats.
Bounty Boom in Crypto
Nowadays, bug bounty has become a tool for testing platform security.
According to a recent report, Uniswap Labs launched a record-breaking $15.5 million bug bounty program targeting vulnerabilities in its v4 core contracts.
This initiative aims to strengthen the security of Uniswap v4’s core infrastructure, which introduces innovative features like hooks for customizable pool interactions and cost savings for liquidity providers and swappers.
Developers who identify unique vulnerabilities must maintain confidentiality until issues are resolved, and qualifying submissions may earn public recognition alongside rewards in USDC.
The program follows extensive security measures, including nine independent audits and a $2.35 million security competition, as Uniswap prepares for deployment.
