The Idle bug bounty program is live!
The Idle Governance fortifies the protocol’s security by launching a program on Immunefi, a bug bounty platform for smart contracts and DeFi projects, where security researchers review code, disclose vulnerabilities and make crypto safer.
Thanks to the Armor Alliance bug bounty challenge, rewards of up to $500,000 are allocated for critical vulnerabilities. The Idle bug bounty program would now be the 6th highest on Immunefi!
The Idle protocol’s smart contracts have passed 4 full audits by Quantstamp, and a focus on security has always shaped the product development strategy. The need for a structured incentive mechanism emerged from looking at industry-standard approaches, where additional security reviews performed by external parties have increased the integrity and resilience of protocols.
Inspired by other similar initiatives, the Idle Governance recognized the importance of bug hunters in keeping the protocol safe and broadly discussed the bug bounty setup.
Through a formal voting process, the Temperature Check settled the program parameters and kicked off the initiative.
The bug bounty program aims to prevent the loss of user funds, encouraging the responsible disclosure of security vulnerabilities related to the Idle protocol V4 smart contracts.
The vulnerability’s impact determines the final reward, based on the 5-level Immunefi Classification System and the Aave bug bounty. Critical bounty payouts cannot exceed 10% of the funds at risk, capped at a maximum reward of $500,000.
The Idle Governance and its Pilot League directly handle payouts below $250,000.
Payouts under $10,000 are executed in $USDC. Bounties above that threshold receive the rest in $IDLE, up to the total of $250,000.
For payments above $250,000, the remainder is paid in $ARMOR by the ArmorFi team under the Armor Alliance Bug Bounty Challenge with a vesting period of up to 24 months.
Security: the key challenge for DeFi mass adoption
The DeFi ecosystem is still in its early days, and it requires many improvements before being suitable for the general audience.
Crypto natives can overcome user design hurdles and market volatility but are reluctant to interact with protocols that have suffered attacks.
Past hacks demonstrated that those events heavily affect a protocol’s growth: the brand is no longer solid, and users’ confidence is gone. Even months after an incident, crypto holders are hesitant to deposit funds.
Hesitation is much more evident for users coming from the TradFi world. The volatility of the interest rates is not a barrier to entry, but this user base requires strong guarantees that they will always have the possibility to withdraw deposited funds.
The Idle bug bounty program goes in this direction, reinforcing the protocol’s defensive structure.