Neo has initiated a new bounty program to be hosted on Immunefi, a leading bug bounty platform for Web3. Effective Jan. 7, 2022, and running as a long-term initiative, users can audit the Neo blockchain infrastructure to discover and disclose potential security vulnerabilities in exchange for rewards. Base bounties of up to US $100,000 are available for valid issues, awarded according to a pre-defined severity structure.
Immunefi is a chain-agnostic bug bounty and security services platform for Web3, aiming to bring together projects and hackers to the mutual benefit of both. Hackers can discover and responsibly disclose bugs, allowing projects to patch these vulnerabilities and reward the hacker for their efforts. According to the Immunefi website, throughout 2021 the platform facilitated the disclosure of 57 vulnerabilities across all of their hosted blockchain projects, to the tune of $1.7 million in payouts, preventing an estimated $28.9 million worth of funds from being affected.
Neo Global Development has allocated a sizeable pool of reward funding to this new initiative. Participants who discover a potential vulnerability pertaining to Neo’s infrastructure can disclose the issue through the Immunefi portal. The Neo team will investigate all submissions on a best-effort basis, and reward valid issues according to the following bounty structure:
- Critical (issue that would result in severe asset loss): Up to $100,000
- High (issue that would result in all networks to fail): Up to $50,000
- Medium (issue that would result in single node failure): Up to $20,0000
- Low (other valid issue): Up to $5,000
Users who first report on a specific valid issue will be rewarded according to the relevant bounty tier. Payments will be made in NEO, equivalent to the USD amount of that tier. Higher reward amounts than those described above may be paid for certain vulnerabilities which are of particular interest and criticality, at the discretion of the Neo team.
The full details of the Immunefi collaboration announcement can be found at the link below: