Through its collaboration with Immunefi, The Graph will reward whitehat hackers with payouts from $5k to $2.5M for finding bugs ranging from low severity to critical
Blockchain indexing and querying protocol The Graph announced yesterday the launch of its record-breaking bug bounty programme, which will see a maximum payout of $2.5 million — the largest active security bounty in the world.
The Graph enables data to be transformed, organised and shared across applications through the building and publishing of open APIs called subgraphs. This data can quickly and reliably be queried by decentralised applications (dApps) on networks such as Ethereum, IPFS, Avalanche and Celo.
In total, The Graph supports data querying on 22 different networks and more than 18,000 subgraphs have been deployed so far by about 20,000 developers. These subgraphs are used by applications including Balancer, Synthetix, Uniswap, Aave and Decentraland.
The Graph’s bug bounty programme is being launched with the collaboration of bug bounty platform Immunefi, which specialises in smart contracts and Web3 projects. The platform has already paid whitehat hackers more than $3 million in bounties by enabling them to review code and disclose vulnerabilities.
Immunefi’s Founder and CEO, Mitchell Amador, said, “Last year more than $200 million was stolen by hackers through DeFi exploits and hacks, and this indeed calls into question the effectiveness of traditional security methods. We at Immunefi strive to protect projects against smart contract hacks by helping create, run, and promote best practice bug bounty programs. We're excited about this historic collaboration with The Graph.”
Low severity level bugs will earn their finders payouts of $5,000 in GRT, while finders of critical bugs can earn $2.5 million, according to the Immunefi Vulnerability Severity Classification System. The Graph aims to mitigate risks to its ecosystem, such as exposure of private information and loss of user funds.
Director of The Graph Foundation, Eva Beylin, commented, “We're really excited to be working with our community and the Immunefi team on this historic bounty. The Graph Foundation is ready to invest into making the next generation of Web3 infrastructure more secure and reliable for our developer community — we're ready and willing to incentivize world class engineers to help us accomplish this vision.”