Azuro has launched a bug bounty on web3’s leading bug bounty platform Immunefi, with hackers being rewarded a maximum bounty of $21,500 for finding a critical issue. This is an extra layer of security for the protocol & the final step before Azuro’s mainnet launch and the first betting frontend goes live.
The Backstory
Before the launch of the bug bounty, Azuro had already conducted 2 external audits from reputable auditors. After their scrutiny, no critical issues were discovered, and minor issues were resolved. However, following a further investigation from Azuro and their partners Gnosis, there appeared to be a critical issue connected to the liquidity pool which had been entirely missed by the auditors. This was very disappointing news for all involved and has led Azuro to question the ability of the auditors.
Perhaps the reason behind the auditors failing to spot the critical issue was due to Azuro’s unique approach to decentralized betting. Instead of following the more traditional approach using a peer-to-peer model, Azuro has created something entirely new. Building the protocol around a peer-to-pool design created a completely novel liquidity pool design being developed, now known as — The Liquidity Tree. Due to this unique approach to the use of smart contracts, and with the protocol's safety remaining paramount, Azuro has felt the only way to move forward was to double down and launch a bug bounty.
The Bug Bounty
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.1. This is a simplified 5-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported.
Rewards
Critical — $21,500
High — $7,000
Medium — $2,000
Low — $1, 000
All Critical and High Smart Contract bug reports require a suggestion for a fix to be eligible for a reward.
The following vulnerabilities are not eligible for a reward:
- Oracles/Maintainer manipulation, for example: choosing the wrong outcome as a winner or incorrect odds. It is solved separately by Azuro’s governance contracts
- Gas efficiency improvements
- Limited number of deposits in Liquidity Pool
- All vulnerabilities marked in Pessimistic security review are not eligible for a reward.
Full details are HERE on the Immunefi website.
