LayerZero Labs has launched a bug bounty on the Immunefi platform that offers a maximum reward of $15 million for critical smart contract and blockchain vulnerabilities, a figure that sets a new record in the crypto space.
Bug Bounty programs are initiatives launched by companies and software developers to reward security researchers who identify and report bugs on their platforms.
Their goal is to incentivize ethical “white hat” hackers to uncover unknown security vulnerabilities affecting their products so that they can be patched before malicious actors exploit them in attacks.
LayerZero Labs is the creator of the LayerZero blockchain messaging protocol which enables secure communication on 30 different blockchains.
Since its launch in March 2022, LayerZero has facilitated the exchange of 10 million messages and is currently valued at $3 billion.
Through the launch of the largest bug bounty program in history, LayerZero Labs aims to show its commitment to security and instill confidence in its communication protocol.
THE LayerZero bug bounty program will distribute rewards to security researchers based on the severity level of their discoveries and impacted blockchains.
Critical severity findings will be considered exploits that result in permanent lockout, loss or theft of user funds, or attacks that result in permanent denial of service (DoS).
Manipulation of governance vote results and modification of LayerZero default settings will be considered high severity issues.
Attacks that provide no benefit to the attacker but nevertheless cause harm to users of the LayerZero protocol will be classified as medium severity findings.
The highest paying category is Group 1, which is for critical bugs affecting Ethereum, BNB Chain, Avalanche, Polygon, Arbitrum, Optimism, and Fantom.
- Critical vulnerabilities findings on Group 1 pay between $250,000 and $15,000,000.
- High Severity Rifts are worth between $25,000 and $250,000.
- Medium severity vulnerabilities will pay between $10,000 and $25,000
- Low severity issues have the still notable payout range of $1,000 to $10,000
For Tier 2, which is all other blockchains supported by LayerZero, the maximum payout is $1,500,000 for critical discoveries, $25,000 for high severity, $10,000 for medium, and $5,000 for low impact rifts.
All payments will be processed directly by LayerZero Labs, made in Fiat USD via wire transfer or USDC, USDT and BUSD.
A sample proof of concept (PoC) to demonstrate the practical feasibility of the attack will be required for a submission to be considered valid.
Additionally, to receive a reward, bug bounty hunters must go through KYC and pass an OFAC check to confirm that they are not sanctioned by the Office of Foreign Assets Control. List of Specially Designated Nationals.