The first decentralized metaverse, Decentraland, launches its Bug Bounty Program on Immunefi.
The program, which launched on July 5, requires that participants referred to as Bug Hunters submit reports on bugs found on the Decentraland metaverse. To participate in this program, users must complete a KYC process.
🐞The #Decentraland Bug Bounty program is live on @immunefi! We're calling all bug hunters to help strengthen the security of the platform. Debug our smart contracts and win up to $500,000.
Details -> https://t.co/zlwUSGJZML— Decentraland (@decentraland) July 5, 2022
Decentraland is a decentralized digital social platform built on the Ethereum blockchain. Users on the platform can create, monetize and experience content and applications. The platform is built, owned, and governed by users, and through its decentralized autonomous organization; users can present proposals for owners of LAND and MANA to vote on.
What are the Rewards by Threat Level?
Decentraland will share rewards based on the effect of the vulnerability being reported as classified by Immunefi Vulnerability Severity Classification System V2.1. Participants must send in the reports on app/ web bugs with a PoC and an end-effect on asset-in-scope to be considered for rewards. Decentraland highlights that all reported Smart Contract bugs with a PoC and recommendations for a fix are eligible for a reward. Statements and explanations are not regarded as PoC. Also, all high smart contract vulnerabilities will be calculated as a fraction of the damage to the economy. The percentage is 0.1% and it is capped at $500,000 and the minimum reward is $20,000 considering branding and PR, which are at the team’s discretion.
What Vulnerabilities are ineligible for Rewards?
- Collections that are missing the ERC165 interface registration
- Vulnerabilities that are marked in the Decentraland audit documents
- Estates featuring the getFingerprint function that run out of gas for Estates larger than 4000 $LANDs
The payout of rewards will be handled directly by the Decentraland team and will be done in USD denomination. The actual payouts will be in USDT and MANA. 20% of the reward will be in USDT.
Highlights of the Reward Categories
Smart Contract:
- High-Level Vulnerability: Up to $500,000
- Medium Level Vulnerability: $20,000
- Low-Level Vulnerability: $1,000
Website and Application:
- Critical Level of Vulnerability: $18,000
- High Level of Vulnerability: $6,000
- Medium Level of Vulnerability: $3,000
- Low Level of Vulnerability: $1,000
Participants are also encouraged to submit reports that are not included in the scope of vulnerability but can affect other assets on the Decentraland metaverse.
