PancakeBunny Offers a Handsome $500,000 Bug Bounty Through Immunefi

PancakeBunny, through its collaboration with Immunefi, has beefed up efforts to improve its platform security through a bug bounty program offering staggering rewards.

By Chung Yee on June 29, 2021
Category: BSC News

Prioritizing Security

PancakeBunny, a popular decentralized finance yield aggregator on Binance Smart Chain (BSC), was exploited a month ago, resulting in a 97% price dip. This attack has raised many concerns, especially for decentralized finance (DeFi) protocols that rely heavily on smart contracts. Seeking to make amends for the previous exploit, PancakeBunny partnered with Immunefi to offer an attractive bug bounty program that boasts rewards of up to half a million dollars for successful participants.

Immunefi is a leading bug bounty platform for the blockchain, with more than $20 million in rewards available on its various bounty programs. Bounty programs encourage participants to contribute to the security of platforms on the blockchain by identifying threats and vulnerabilities. The reward is based on the category of risk identified by the successful participant.

The purpose of bounty programs is to reward ‘whitehats’ who successfully disclose vulnerabilities in the platform. Whitehats are ethical hackers who are permitted to expose cybersecurity vulnerabilities to prevent future exploitation. They are the opposite of ‘blackhats,’ hackers who aim to exploit vulnerabilities for personal benefit. Most of the time, the purpose of blackhats is to commit theft.


Bounty Framework

The bounty program is focused on specific areas of vulnerability on the platform. These usually cover the smart contract and the application. The main focus areas are attacks such as theft of funds, governance disruption, flash loan attacks, oracle manipulation, and reentrancy attacks.

Immunefi has developed a vulnerability severity classification system that uses a scale to categorize the consequence of exploitation and the likelihood of a successful exploit. The category of impact ranges from critical to none. An example of a critical bug would be a situation where the contract’s holdings can be drained. Flash loan attacks are one such example. Other categories of bugs, by contrast, may not impact the assets held on the smart contract.

To be eligible for the reward, users must submit reports with a Proof of Concept (PoC). Serious vulnerabilities will be classified as ‘critical’ if they impact $100,000 of assets or greater. If a report is classified as high but has an impact of $100,000 or greater, it gets reclassified as ‘critical.’

For reports on the smart contract and blockchain, the rewards for the tiers are as follows:

Critical Level --- USD $500,000

High Level --- USD $40,000

Medium Level --- USD $5,000

Low Level --- USD $1,000

Assets In-Scope

There are two main conditions to the program. The vulnerabilities must specifically relate to the list of assets, and the impact must be one specified in the program. Web and app vulnerabilities that directly affect the assets listed in the table are accepted for the bug bounty reward. Other discrepancies found would be classified as out-of-scope. The reference of the listed assets is provided in this link.

Impacts that are accepted in the program are limited to the following:

Smart Contracts

1. Thefts and freezing of principal of any amount

2. Thefts and freezing of unclaimed yield of any amount

3. Theft of governance funds

4. Governance activity disruption

Website/Apps

1. Redirected funds by address modification

2. Site goes down

Immunefi’s Armor Alliance

Bug bounty programs launched on Immunefi are entitled to the Armor Alliance Bug Bounty Challenge, offered by a smart insurance aggregator. This program matches the bounty reward for Armor’s partners that host their bounty program with Immunefi. The incentive structure encourages DeFi protocols to launch bug bounty programs to decrease the risk of potential exploits. The idea is that, if the bounty is big enough, it will encourage potential hackers to make responsible disclosures and claim the incentives rather than draining the contract.

Source: Armor Alliance Bug Bounty Challenge increases the bounty rewards for its partners to host bug bounty programs

The entire bounty exercise is innovative and important because it prioritizes safety. Taking safety seriously should be the main feature of all DeFi protocols. Bug bounty programs are a responsible practice for any protocol that is susceptible to exploits. The partnership with Armor creates more incentives for a concerted effort from the community hunting for the lucrative bounty. It is a win-win situation for all parties.

What is PancakeBunny

PancakeBunny is a decentralized cross-chain yield aggregator. The platform, which runs on both Ethereum and Binance Smart Chain networks, uses various strategies and rewards to enable investors to optimize their yields. PancakeBunny is one of the largest yield aggregators across ETH and BSC. The platform is used for both PancakeSwap (CAKE) and Venus (XVS). The project hopes to launch on Polygon (MATIC) soon.

Check out PancakeBunny's website and social media pages: Website | Telegram | Twitter | Medium


Chung Yee

Chung Yee has a legal background and has been involved in research works for the legal and compliance industry. Writing is his passion, centered on topics such as the blockchain and finance.
