Chainlink Bug Bounty to Payout $100k For Critical Vulnerabilities 13

Chainlink Bug Bounty to Payout $100k For Critical Vulnerabilities

In brief:

  • Chainlink has extended its bug bounty program to provide $100k for the disclosure of critical vulnerabilities
  • The payout will either be in cash or LINK
  • The Chainlink bug bounty program will be available through Gitcoin and HackerOne
  • Chainlink’s goal is to guarantee a secure oracle infrastructure for its smart contracts

The team at Chainlink has announced that the project will be expanding its Bug bounty program to ‘provide $100,000 in cash or LINK for the responsible disclosure of critical vulnerabilities in the Chainlink codebase’. Additionally, the Chainlink bug bounties will be available via Gitcoin and Hackerone.

Bug Bounty to Secure Chainlink’s Oracle Infrastructure for its Smart Contracts

The expansion of the Chainlink bug bounty program will support individual developers and security engineering teams who have continually aided in the resilience and robustness of the network. The team further explained that the developer and security communities were an essential cog in guaranteeing the safety of the Chainlink infrastructure.

The primary goal of expanding the Chainlink Bug Bounty Program is to both increase our support of the whitehat developer and security community for their continuous hard work, as well as ensure Chainlink’s core infrastructure can become even more robust and resilient against potential vulnerabilities.

As the most widely used decentralized oracle solution in the smart contract space, we take security measures extremely seriously, and are always looking to increase the number of eyes that are reviewing the Chainlink codebase as a means of further protecting user funds and the DeFi ecosystem as a whole.

Additional Bonus for Reported issues Affecting a Chainlink Node

The team at Chainlink further highlighted the following areas of interest for the investigation of bugs.

  • the Solidity-based smart contracts and Golang/TypeScript-based Chainlink core node software
  • issues that would lead to the integrity of a Chainlink node or network being compromised, misreporting data, experiencing downtime, or resulting in a direct loss of funds are of the highest priority

To note is that bugs affecting a Chainlink node through a publicly available surface will be eligible for an additional bonus through the bug bounty program.