Alpaca Finances Partners with Bug Bounty Protocol Immunefi, Will Host a Bounty

The Alpaca team hopes the partnership will boost user confidence in the safety of the project.

By
Chung Yee
on
June 16, 2021
Category:
BSC News

Community First

On June 14th, Alpaca Finance announced via Twitter that they have partnered with Immunefi to step up efforts in improving security. Immunefi is one of the largest bug bounty platforms on the blockchain with more than $20 million in rewards to be offered. This partnership aims to improve the Alpaca’s DeFi platform by giving its community the peace of mind from any glitches or exploitation in its protocol, as well as giving them a chance to offer solutions to mitigate any potential risks.

The growing number of exploits in the DeFi community of late has been a concern for the community. This concern is addressed through a proactive campaign by Alpaca to reward bounty hunters for successful detection of bugs and implementation of preventive measures. 

Immunefi’s Vulnerability Severity Classification System

Immunefi rewards users for the discovery of smart contract vulnerabilities according to the impact of the vulnerability. This is classified through Immunefi’s ‘Vulnerability Severity Classification System’. The system breaks down the vulnerabilities into 5 categories ranging from critical, high, medium, low, and none. The scale has 3 metrics that contribute to the classification. 

1. Consequence of successful exploit

2. Level of access that is required for the exploit

3. Probability of a successful attempt in exploiting the vulnerability

Source

 One example of a Level 5 (critical) threat is where the contract’s holding is emptied or frozen. This can be done through economic attacks, flash loans, reentrancy, logic errors, and integer over/under flow. On the other hand, a contract that fails to deliver on its promised returns but does not lose its value is categorized as a Level 2 (low) threat. 


How to Participate in the Bug Bounty

Interested participants must include a complete description of the bug and instructions to reproduce the issue or a Proof of Concept (PoC). A higher value is attached to reports that include problem solutions, and will be reflected by a higher likelihood of receiving full reward according to the severity classification tier. Payouts are handled by the Alpaca team, denominated in USD and paid in $BUSD.    

Source: Tiers of classification and bounty offered


Flash Loan Exploits on Binance Smart Chain (BSC)

Perhaps the largest incentive for Alpaca to scrutinize their platform security is the troubling trend of flash loan exploits. The latest trend of using flash loans to exploit and drain-off liquidity pools in DeFi platforms has rocked the trust of investors. Apart from suffering financial losses, the platform also loses the confidence of its community when such an exploit happens. Here is a short list of BSC protocols who have recently suffered an exploit in their smart contract. 

February 11, 2021 - IceCreamSwap was exploited and 6,000 BNB tokens were stolen by the hackers. 

May 2, 2021 - Spartan Protocol was hacked and a sum of $30 million was drained from its Liquidity Pool.

May 7, 2021 - ValueDeFi was hacked and suffered losses of $11 million

May 16, 2021 - bEarn.Fi lost a total sum of $10.86 million in a series of flash loan attacks.

May 20th, 2021 - PancakeBunny faced 97% correction in price after a flash loan exploit.

The list of hacks through vulnerabilities in the smart contract has revealed that much needs to be done to improve on patching up the loopholes that can be exploited. By partnering with Immunefi and offering the community a chance to find bugs in the project, Alpaca is increasing user trust in their platform. Their transparency and willingness to engage the community in the process is crucial for building a rapport that will increase adoption.


By the Alpacas, For the Alpacas

This additional effort by Alpaca apart from a standard smart contract audit is a good practice. Any reduction of risk through proactive initiatives by the platform operator will increase the likelihood of a new investor trusting the protocol. By incentivizing their community to participate in project security measures, Alpaca is proving their dedication to transparency - something that will elevate their reputation in the long haul.


What is Alpaca Finance?

Alpaca Finance is a community owned project that allows lenders safe and stable yield and borrowers to get loans for leveraged yield farming positions undercollateralized. This allows the borrowers to multiply their farming principals and the resulting profits. The project has partnered with other promising BSC projects like Wault Finance in an effort to expand the reach of the platform.

Tags:
No items found.
Chung Yee

Chung Yee has a legal background and has been involved in research works for the legal and compliance industry. Writing is his passion, centered on topics such as the blockchain and finance.

Text Link

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.