The crypto community is grappling with issues surrounding bug bounty programs, a crucial mechanism for discovering and addressing system vulnerabilities.
Usmann Khan, a web3 security auditor, posted on Aug. 17, “Remember that projects can simply not pay, whitehat,” with a screenshot of a message from Immunefi indicating a project had been removed from its bug bounty program for failure to pay a minimum of $500,000 in bounties.
In response, security researcher Marc Weiss shared the ‘Bug Bounty Wall of Shame’ (BBWoS), a list documenting unpaid rewards allegedly owed to white hat hackers in web3. The data from BBWoS appears to signal a significant lack of accountability and trust within the crypto ecosystem that cannot be ignored.
The BBWoS indicates that a bug bounty for the Arbitrum exploit of Sep. 2022 had a $2 million reward. Yet, the white hat was awarded just $780,000 for identifying an exploit that exposed over $680 million.
Further, BBWoS states the CRV borrowing/lending exploit on Aave from Nov. 2022 led to the loss of $1.5 million, with $40 million at risk, and no bounty was paid to the white hat who identified the attack path “days before.”
Lastly, in April this year, just $500 was paid to a white hat who reportedly identified a way for managers to steal up to $14 million worth of “tokens from users using malicious swap paths” after being told by dHEDGE that the issue was “well-known.”
The list was created by whitehat hackers “tired of spending sleepless nights finding bugs in protocols only to have a payout of $500 when the economic damage totals in the millions,” with the creator stating,
“I created this leaderboard to help inform the security community as to the projects that don’t take security seriously so we can avoid them and spend time on the projects that do.”
The need for in-house auditors in DeFi.
In his presentation at the DeFi Security Summit in July, Weiss highlighted auditors’ critical role at various…