In a statement shared with CoinDesk, Balancer Labs claimed the $2 million bounty is the largest single bug bounty in history, and that the prize will hopefully incentivize ethical hackers to discover and report vulnerabilities in the Balancer V2 Vault architecture, which will be available to developers starting Tuesday.
The V2 vault, which isn’t live yet, is a single vault that holds and manages all the assets entrusted to the platform, designed to dramatically reduce gas fees by making transactions simpler.
“What would have been multiple transactions before, each resulting in gas fees, will now be a single transaction,” Balancer Labs CEO Fernando Martinelli told CoinDesk via a written statement.
The bug bounty for the newly released V2 single-vault comes after Balancer Labs fell victim to a cyberattack that tricked its protocol into releasing $500,000 worth of tokens in June 2020. Balancer Labs is looking to reward discoveries like the draining of significant funds from the Vault, permanent locking of significant funds in the Vault or for discovering severe rounding errors where an attacker can steal funds in excess of any gas costs or swap fees, according to the firm’s announcement.
Bug bounties are increasingly becoming an attractive revenue stream for security researchers, and an efficient way for tech firms to identify weaknesses in their products. In 2020, Google announced it had paid over $21 million in bug bounties under its vulnerability reward program since 2010, spending $6.5 million in 2019 alone. In 2020, hackers from dozens of countries earned up to $40 million just by identifying system vulnerabilities for various organizations.
Decentralized finance (DeFi) platforms like Balancer Labs are increasingly vulnerable to hacks and theft. According to a report by crypto sleuth CipherTrace, in the second half of 2020 half of all targeted entities for crypto-related hacks were DeFi platforms, making up 14% of total hacked volume (amounting to $47.7 million).
The Balancer Labs vulnerability tests are scheduled for late April, while further instructions are available on its website.
“Apart from being the largest on record, our bug bounty is innovative in that it scales as ETH goes up, in correlation with the broad crypto market and likely with the total value locked in Balancer protocol. The more there is at stake, the higher we believe our bug bounty rewards should be,” Martinelli said in the announcement.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.