Burrow is proud to announce its new bug bounty program with ImmuneFi, aimed at identifying and fixing potential vulnerabilities in the Burrow protocol. As one of the core DeFi protocols on NEAR, Burrow is dedicated to being both secure and stable for its users, and this bug bounty program is another step towards that goal.
Burrow’s bug bounty offers rewards ranging from $1,000 to $250,000 for reporting varying magnitudes of smart contract vulnerabilities. The rewards will be distributed according to the ImmuneFi Vulnerability Severity Classification System V2.2, a simplified 5-level scale focusing on the impact of the vulnerability reported.
All bug reports must come with a proof of concept (PoC) and a suggestion for a fix to be considered for a reward. The scope of the bug bounty includes all of Burrow’s main smart contracts, which can be found on Burrow’s GitHub page.
The following impacts are accepted within the bug bounty program: direct theft of any user funds, robbery of unclaimed yield, temporary freezing of funds, and more. The bug bounty program has some exclusions and rules, such as attacks requiring access to leaked keys/credentials, basic economic governance attacks, and requiring KYC for all bug bounty hunters submitting a report and wanting a reward. The full list of exclusions and rules can be found on the Burrow bug bounty program page on ImmuneFi.
Burrow and ImmuneFi invite all security researchers and white hat hackers to participate in the bug bounty program and help make Burrow even more secure. Learn all about the Burrow bug bounty HERE.