To the DeFi community,
This week, Ethereum scaling solution Optimism paid a $2 million bug bounty for the discovery of a bug that would have allowed users to double spend and generate an unlimited amount of tokens without backing. The exploit has been patched, and bug bounties yet again prove to be one of the most valuable resources for early-stage protocols where security is paramount.
Competing scaling solution Polygon announced a private sale of $450m MATIC tokens to investors including Sequoia Capital India, Softbank, and Galaxy Digital. The funds will go towards helping Ethereum maintain its status as the dominant smart contract execution blockchain, and helping Polygon build out a suite of services to become the ‘AWS of Web3’.
Ssv.network (Secret-shared-validator) announced a $10 million fundraise led by Digital Currency Group and Coinbase. Ssv aims to provide a decentralized staking solution for nodes to support the Ethereum consensus layer (formerly Eth 2.0) and will use the fund for collaborations and to fund grants for developers and network participants.
And MakerDAO launched a $10 million bug bounty program of their own by way of leading crypto security firm Immunefi. Bug reports and payments don’t require KYC, and the program will pay out up to $10 million for a critical security bug found in the live smart contracts of the protocol.
DeFi hacks are still a common occurrence, which shouldn’t be a big surprise for a less-than-five-year-old industry built using entirely new underlying technology. But the headlines do little to validate the notion of DeFi as ‘the future of finance’, and those protocols that have been impacted by a major exploit are likely to face a significantly tougher battle being adopted by institutional finance organizations, where such losses could mean the end of the business and potentially even personal liability.
Not every team has the resources to offer bug bounty programs on the scale offered by some of the leading DeFi players like Polygon (who paid their own $2 million bug bounty just a few months ago) or MakerDAO. But those protocols are also less likely to be targeted, as they offer smaller potential rewards for a successful attack.
But the riskiest junctures are likely to arise when a good idea’s time has come and applications go from niche with small TVL to the flavor of the day with rapidly rising TVL. These teams are likely already overstretched, as demand outpaces talent and other resources beyond capital, while the potential gain from exploits rapidly grows. In these situations, it’s best to follow the blue chip players as quickly as possible in setting up a bug bounty program, even if the rewards don’t scale up to $10 million. Credibility takes years to generate and seconds to destroy, and there’s no shame in incentivising the developer community to check your work.
Highest Yields: BlockFi at 8.50% APY, Nexo Lend at 8.00% APY
Cheapest Loans: Aave at 3.78% APY, Compound at 4.27% APY
DAI Savings Rate: 0.00%
Base Fee: 0.00%
ETH Stability Fee: 2.00%
USDC Stability Fee: 0.00%
WBTC Stability Fee: 2.00%
Highest Yields: Celsius at 8.5% APY, Nexo Lend at 8.00% APY
Cheapest Loans: dYdX at 0.01% APY, Aave at 3.55% APY