A whitehat (ethical security hacker) who goes by the pseudonym satya0x responsibly disclosed, on February 24th, a critical bug in the Wormhole core bridge contract on Ethereum and earned a record-setting $10 million bounty, the largest ever paid.
The bug was in Wormhole’s upgradeable proxy: the implementation contract could be self-destructed, which could have locked up user funds. Because it was disclosed responsibly, that outcome was prevented. This disclosure is yet another example of the immense strategic value that running a multi-million dollar bug bounty program can have for Web3 security programs.
Wormhole was amazingly fast in its response to the bug report, verifying and fixing the issue on the same day it was reported. No user funds were lost, thanks largely to the fact that this issue was responsibly disclosed via Wormhole’s bug bounty program, hosted by Immunefi.
Wormhole paid satya0x a record bug bounty of $10 million for the find. It’s one thing to create a program with a really high top payout, but Wormhole has proven that it is very serious about paying top dollar to help mitigate security issues in partnership with the whitehat community.
Security bugs in software are a fact of life, and Web3 is no exception. They exist in every program and every protocol. What matters, however, is how seriously a protocol takes security. That can be the difference between success and failure. Clearly, the Wormhole team takes the security of its platform very seriously and demonstrated that commitment both by running the world’s largest bug bounty program and by paying out this record-breaking bounty.
Wormhole is sending a clear message with this payout to the best, most talented whitehats on the planet that if they responsibly disclose security vulnerabilities to Wormhole, they’ll be well taken care of. Everyone wins in this arrangement, especially Wormhole’s users.
Immunefi is pleased to have facilitated this responsible disclosure using our platform. Our goal is to make Web3 safer by incentivizing hackers to responsibly disclose bugs and receive clean money and reputation in exchange.
To better understand the bug, let’s first dive into an explanation of what proxies are and how they work. Then we’ll discuss the specific proxy issue at play here: the uninitialized proxy.
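As an added illustration (not code from the original post, from Wormhole or from Immunefi), the following Solidity sketch places the uninitialized-implementation pattern next to its hardened form. The contract and function names (LogicV1Vulnerable, LogicV1, Proxy, initialize, owner) are assumptions made for this example, and the inline Initializable guard mirrors the idea of OpenZeppelin’s without depending on it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not Wormhole's or Immunefi's code. Contract and function
// names (LogicV1Vulnerable, LogicV1, Proxy, initialize, owner) are made up.

// Minimal "initializer" guard, written inline so the example has no external
// dependency (OpenZeppelin's Initializable provides the same idea).
abstract contract Initializable {
    bool private _initialized;

    modifier initializer() {
        require(!_initialized, "already initialized");
        _initialized = true;
        _;
    }

    // Marks this contract instance as initialized so the logic contract itself
    // (as opposed to a proxy delegating to it) can never be initialized by an
    // arbitrary caller.
    function _disableInitializers() internal {
        _initialized = true;
    }
}

// Vulnerable pattern: the implementation's own storage is never initialized.
// Proxies run initialize() via delegatecall in their own storage, so the
// implementation's storage stays blank and the first account to call
// initialize() directly on the implementation address becomes its owner.
contract LogicV1Vulnerable is Initializable {
    address public owner;

    function initialize(address owner_) external initializer {
        owner = owner_;
    }
}

// Hardened pattern: the constructor runs once, in the implementation's own
// storage context, and consumes the initializer there. Proxies are unaffected
// because a constructor never executes under delegatecall; each proxy still
// calls initialize() exactly once when it is deployed.
contract LogicV1 is Initializable {
    address public owner;

    constructor() {
        _disableInitializers();
    }

    function initialize(address owner_) external initializer {
        owner = owner_;
    }
}

// Minimal proxy that delegates every call to the implementation. The
// implementation address is immutable (stored in code, not storage), so it
// does not collide with the logic contract's storage layout.
contract Proxy {
    address public immutable implementation;

    constructor(address implementation_) {
        implementation = implementation_;
    }

    fallback() external payable {
        address impl = implementation;
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}
```

The check a reviewer wants here is simple: after deployment, calling initialize() directly on the implementation address must revert, while calling it through each freshly deployed proxy must succeed once and then revert. With the vulnerable variant the first call on the implementation address succeeds, which is the condition an uninitialized-proxy finding describes.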