"Heads down, time to build," is a popular slogan used by blockchain builders when the market is down. Immunefi, a bug bounty platform that offers rewards for finding security holes in blockchain projects, is making sure that builders are diligent about securing their projects.
Alejandro Muñoz-McDonald, a smart contracts engineer at Immunefi, says he sees bug bounties becoming a part of the core security model across Web3 platforms.
"I think one misconception [is] that bug bounties are optional," Muñoz-McDonald told Decrypt at this year's Messari Mainnet. "Projects should be expected to have these programs."
Last month, Framework Ventures led a $24 million Series A funding round for Immunefi. This follows a $5.5 million raise last fall.
"I think we can look at Immunefi in five or seven years and think of it as one of the largest security providers in Web3," Framework Ventures' Michael Anderson to Decrypt at Messari Mainnet.
Launched in December 2020, Immunefi offers bounty programs for ethical hackers—also known as whitehats—where security researchers can review code, disclose vulnerabilities, and get rewarded for their efforts.
"When Immunefi started, we were mostly concerned with EVM-based blockchains," Muñoz-McDonald says. He explains that Immunefi has recently expanded beyond Ethereum Virtual Machines to include projects built on the Solana blockchain, with plans to include additional blockchains in the future.
On its website, Immunefi says the platform "guards" over $25 billion in user funds across projects including Synthetix, Chainlink, SushiSwap, PancakeSwap, Bancor, Cream Finance, Compound, Alchemix, Nexus Mutual, and others.
"It's really up to the project how they want to price their bounties," Muñoz-McDonald says. "We encourage the 10% of Total Value Locked (TVL)."
He says bounties on Immunefi range from $1,000 to $10 million in rewards.
As Muñoz-McDonald explains, in addition to providing bounties, Immunefi aims to promote transparency by providing information on the bug and how developers fixed it. He says the Web3 security and broader blockchain community have responded positively to the openness of the platform.
"Not only does that give people confidence in the project, it also helps onboard more security researchers into the space and to educate people on what things to look out for," he says.