The DeXe Protocol’s Bug Bounty Campaign announcement
Based on a recently passed proposal in the DeXe Protocol DAO, we’re excited to announce the launch of a massive, open-ended, multi-platform Bug Bounty campaign for the DeXe Protocol with a rewards pool of $2,000,000+ in $DEXE!
The need for bug bounties
Top-notch security is paramount for the success of the DeXe Protocol since user funds may interact with any of its 50 smart contracts and outside ones as well. Protecting user assets protects the Protocol’s reputation and helps in its adoption.
Thus, on top of passing 5 security audits from Cyfrin, Hacken, CertiK, and twice by Ambisafe, an active and ongoing hunt for vulnerabilities is a necessary extra layer of protection.
The Bug Bounty campaign will attract white hat hackers from all over the world to find any bugs that may endanger the Protocol and report them to DeXe in exchange for a reward. This will allow the Protocol’s contributors to fix the bugs before a malicious actor can exploit them.
Campaign details
To attract as many white hat hackers as possible, the DAO has selected 3 of the biggest and most trusted bug bounty platforms:
- Immunefi, which protects $60B in user funds and has paid out over $85M in bounties
- HackenProof, active since 2017 and trusted by the likes of 1inch, Near, Metis, and KuCoin
- HatsFinance, with 500+ security researchers on standby
The bug bounty campaign will be gradually launched with each platform and go on as long as it is funded. To ensure the campaign’s longevity, the DeXe Protocol DAO funded it with 500,000 $DEXE ($2M+) from its treasury, with additional funding possible via a future DAO proposal, if needed. Payouts will be based on the bug’s security threat level:
Medium — up to $1,000 in stablecoins
High — up to $5,000 in $DEXE
Critical — $10,000–50,000 in $DEXE sent via a 6-month linear vesting schedule
Additionally, there are plans to implement on-chain protection that would reduce the threat level of vulnerabilities and thus lower the associated bounty costs.
Managing the campaign
To run this bug bounty campaign, a new DAO has been created, governed by 6 members:
- Each of the 3 bug bounty platforms
- 2 Validators of the DeXe Protocol DAO
- The DeXe Protocol DAO itself
The platforms will provide bug reports that the validators can implement into fixes. If a bounty needs to be paid out, a DAO proposal will be created for releasing and distributing the funds for the bounty.
For expedience and better administration of security issues, a DeXe Protocol DAO validator was given the necessary permissions for adding fixes of found bugs to the Protocol.
Stay tuned!