Compound Finance Launches $1M Bug Bounty to Strengthen DeFi Security

Journalist

Hassan Shittu

Journalist

Hassan Shittu

About Author

Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in...

Author Profile

Share

Copied

Last updated: 

December 12, 2024

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Compound Finance, a leading decentralized finance (DeFi) protocol, has launched a $1 million bug bounty program in collaboration with blockchain security platform Immunefi.

This initiative aims to strengthen the security of its protocol and foster trust in its ecosystem by incentivizing researchers to identify vulnerabilities.

The bug bounty program, announced on December 12, invites security researchers to uncover flaws in Compound’s systems. The payouts are based on the severity of the vulnerabilities discovered and can range from $1,000 for low-risk issues to $1 million for critical exploits.

These rewards will be paid in COMP, Compound’s native token.

How Confident Is Compound Finance on Their Security?

Compound Finance, founded in 2017 by Robert Leshner and Geoffrey Hayes, operates as an algorithmic money market platform. It enables users to borrow and lend cryptocurrencies while earning or paying interest rates determined by supply and demand. Compound has attracted backing from notable investors such as Andreessen Horowitz and Bain Capital Ventures.

The launch of this bug bounty program follows a significant year for Compound, particularly as DeFi has faced heightened scrutiny following high-profile exploits.

For instance, in October 2023, a fork of the Compound protocol, known as Onyx Protocol, suffered a $2.1 million exploit due to a known vulnerability in its inherited code.

While Compound itself has not encountered a direct exploit of this nature, the event is a close warning for Compound, which resulted in heightened security, such as in this newly launched bounty program.

Compound’s latest protocol iteration, Compound III, also introduces streamlined features that enhance scalability and efficiency.

These latest security developments also ensure the robustness of its infrastructure, maintaining user trust and safeguarding billions in total value locked (TVL).

Bug Bounty Program Details

The bug bounty program aims to engage a global network of security researchers to scrutinize its systems by leveraging Immunefi’s platform, which provides easy access.

The reward structure is tiered, with critical vulnerabilities offering payouts of up to $1 million or 10% of affected funds, whichever is lower.

This structure ensures that the most severe threats, such as those enabling theft or freezing of funds, are addressed swiftly and effectively.

The Compound DAO will handle payouts, with USD-denominated rewards converted into COMP tokens based on average market prices at the report submission time.

The program also includes safeguards for repeatable attacks, where compromised smart contracts cannot be paused or upgraded. In such cases, the reward will be calculated based on the total cumulative damage, ensuring comprehensive coverage for potential threats.

Bounty Boom in Crypto

Nowadays, bug bounty has become a tool for testing platform security.

According to a recent report, Uniswap Labs launched a record-breaking $15.5 million bug bounty program targeting vulnerabilities in its v4 core contracts.

This initiative aims to strengthen the security of Uniswap v4’s core infrastructure, which introduces innovative features like hooks for customizable pool interactions and cost savings for liquidity providers and swappers.

Developers who identify unique vulnerabilities must maintain confidentiality until issues are resolved, and qualifying submissions may earn public recognition alongside rewards in USDC.

The program follows extensive security measures, including nine independent audits and a $2.35 million security competition, as Uniswap prepares for deployment.