Following the launch of Balancer V2, the project’s team has earmarked 1,000 ETH for individuals who spot vulnerabilities in the second iteration of its decentralized finance protocol.
The bounty prize is worth about $2 million at current market prices. Balancer Labs claims that amount is the largest single bug bounty in history. The said bounty is supposed to incentivize white hat hackers to search for and report any bugs found in the Balancer V2 Vault architecture. Balancer Labs CEO Fernando Martinelli said:
Apart from being the largest on record, our bug bounty is innovative in that it scales as ETH goes up, in correlation with the broad crypto market and likely with the total value locked in Balancer protocol […] The more there is at stake, the higher we believe our bug bounty rewards should be. The bug bounty program empowers everyone in the developer community to help us build a better Balancer.
The move does not come as a surprise. Back in June 2020, Balancer Labs fell victim to a cyber-attack that manipulated the protocol into releasing $500,000 worth of tokens. As per the company’s website, vulnerabilities have been set on a scale from “critical” to “low.” While low severity reports receive 5 ETH, critical reports will get up to 1000 ETH.
A critical vulnerability can be anything from draining significant funds from the Vault to permanently locking funds in the Vault. Meanwhile, something like a minor rounding error that allows hackers to “manipulate balances to their advantage” is considered to be of low vulnerability.