Polkadot Kusama Bridges Security Bug Bounty
Proponent: 14Pn8sUxdEMgFRDgZ5J2VfcUVMLaMQhst9XuvCj9
Date: 26.01.2024
Requested DOT: $250,000 (39,100 DOT - rate 1 DOT=$6.39)
Short description:
Bridges enable transferring data, assets, and more between multiple chains. Due to their pivotal role and high transaction volumes, they have simultaneously become a hotspot for malicious activities. When exploited, these breaches can lead to significant impact including financial losses.
This proposal aims to ensure the utmost security of the bridges and promote community involvement by implementing a Security Bug Bounty Program. While all developers involved work hard to ensure the software and protocols built are bug-free, secure by design, and third-party code audits have been already performed, it is recognised security best practices to complement this. That’s why Polkadot and Kusama need community and bug bounty hunters to help to identify security vulnerabilities that could cause impact from all the severity levels before it is widely used and adopted.
To support this, the Bug Bounty participants are provided with many context details in the full proposal attached, including a threat model of the scope.
As a security vulnerability in the bridge can impact both the source and destination blockchains, a mirror bounty is raised on Kusama and Polkadot
Thanks for your time and support to make Polkadot more secure !
Comments (1)
To provide more details about the question raised on Polkadot direction
Element channel in relation to the amount of bounty reward being potentially low versus TVL of Polkadot and Kusama
In fact amount of bounty depends multiple drivers:
The proposal here try to balance these drivers by factoring the following: