To the DeFi community,
This week, Ethereum scaling solution Optimism paid a $2 million bug bounty for the discovery of a bug that would have allowed users to double spend and generate an unlimited amount of tokens without backing. The exploit has been patched, and bug bounties yet again prove one of the most valuable resources for early-stage protocols where security is paramount.
Last week, I discovered (and reported) a critical bug (which has been fully patched) in @optimismPBC (a "layer 2 scaling solution" for Ethereum) that would have allowed an attacker to print arbitrary quantity of tokens, for which I won a $2,000,042 bounty. https://t.co/J6KOlU8aSW
— Jay Freeman (saurik) (@saurik) February 10, 2022
Competing scaling solution Polygon announced a private sale of $450m MATIC tokens to investors including Sequoia Capital India, Softbank, and Galaxy Digital. The funds will go towards helping Ethereum maintain its status as the dominant smart contract execution blockchain, and helping Polygon build out a suite of services to become the ‘AWS of Web3’.
— Polygon | $MATIC 💜 (@0xPolygon) February 7, 2022
Ssv.network (Secret-shared-validator) announced a $10 million fundraise led by Digital Currency Group and Coinbase. Ssv aims to provide a decentralized staking solution for nodes to support the Ethereum consensus layer (formerly Eth 2.0) and will use the fund for collaborations and to fund grants for developers and network participants.
.@ssv_network, a decentralized staking protocol for Ethereum’s consensus layer, has raised $10 million to expand its platform ahead of the blockchain's merge to Proof-of-Stake. https://t.co/slXEFxP6wE
— Crypto Briefing (@Crypto_Briefing) February 8, 2022
And MakerDAO launched a $10 million bug bounty program of their own by way of leading crypto security firm Immunifi. Bug reports and payments don’t require KYC, and the program will pay out a maximum of up to $10 million for a critical security bug found in the live smart contracts of the protocol.
— Immunefi (@immunefi) February 10, 2022
DeFi hacks are still a common occurrence, which shouldn’t be a big surprise for a less than five year old industry built using entirely new underlying technology. But the headlines do little to validate the notion of DeFi as ‘the future of finance’, and those protocols that have been impacted by a major exploit are likely to face a significantly tougher battle being adopted by institutional finance organizations where such losses could mean the end of the business and potentially even personal liability.
Not every team has the resources to offer bug bounty programs on the scale offered by some of the leading DeFi players like Polygon (who paid their own $2 million bug bounty just a few months ago) or MakerDAO. But those protocols are also less likely to be targeted, as they offer smaller potential rewards for a successful attack.
But the riskiest junctures are likely to be manifest when a good idea’s time has come and applications go from niche with small TVL to the flavor of the day with TVL rapidly rising – these teams are already likely to be overstretched as demand outpaces talent and other resources beyond capital and the potential gain from exploits rapidly grows. In these situations, it’s best to follow the blue chip players as quickly as possible in setting up a bug bounty program, even if the rewards don’t scale up to $10 million. Credibility takes years to generate and seconds to destroy, and there’s no shame in incentivising the developer community to check your work.
Highest Yields: BlockFi at 8.50% APY, Nexo Lend at 8.00% APY
Cheapest Loans: Aave at 3.78% APY, Compound at 4.27% APY
DAI Savings Rate: 0.00%
Base Fee: 0.00%
ETH Stability Fee: 2.00%
USDC Stability Fee: 0.00%
WBTC Stability Fee: 2.00%
Highest Yields: Celsius at 8.5% APY, Nexo Lend at 8.00% APY
Total Value Locked: $87.35B (up 7.39% since last week)
DeFi Market Cap: $110.24B (up 3.93%)
DEX Weekly Volume: $16.76B (up 1.39%)
Total DeFi Users: 4,364,300 (up 0.72%)
[Andjela Radmilac – Crypto Slate] – With 99.56% of users in favor, Aave to be deployed on Evmos and the greater Cosmos ecosystem
[Anthony Sassano – The Daily Gwei] – Squashing Bugs – The Daily Gwei #436
[Timothy Craig – Crypto Briefing] – Can Terra’s UST Stablecoin Hold Its Peg?
[Andrew Hall – The Defiant] – What the History of Democracy Can Teach Us About Blockchain Governance
Alex is a Content Writer at Circle, with previous experience at tech startups, Fortune 500 corporations, and as a freelance writer and analyst. Interests include cutting-edge technologies in blockchain, energy, supply chains, transportation, urban living, and more and he has been in the crypto community since 2014.