Binance made the announcement on July 26, stating that security should be the number one priority for everyone, users and projects alike.
The bug bounty fund called “Priority One” aims to keep the BSC network secure by encouraging bug bounty hunters and ethical hackers, or “white-hats.”
The crypto giant added that the bounty program aims to continuously improve software security and lifecycle management. It also aims to provide risk control and attract more “proactive penetration testing” to identify issues early.
“We aim to create a $10 million USD bounty pool that will reward all bounty hunters for disclosing verifiable attack vectors or security flaws across up to 100 dApps.”
Big bucks for bug bounty
The BSC Accelerator Fund will start this month by establishing a BNB bounty pool worth $3 million to support the initial 30 projects.
This will be followed by a new Binance Chain Evolution Proposal (BEP) to the existing BSC validators in October. It will propose the allocation of a certain percentage of the daily block rewards toward the bounty pool.
It added that if validators support the proposal, it should be enough to raise the remaining funds. The BSC core team will manage the initial $3 million BNB bounty pool, which will be used to reimburse bug bounties paid out by eligible participating projects.
Binance explained that the pool will reimburse up to 50% of the bounty reward for high and critical issues, and these will require review by PeckShield, CertiK, Immunefi, and the Binance security team.
BSC projects wanting to participate must have at least two audits or security certifications, and “show a serious dedication towards improving their security” by funding at least $100,000 USD towards their bug bounty program.
A year of BSC exploits
The move comes amid a wave of decentralized finance (DeFi) exploits targeting the BSC network and the plethora of forked and unaudited projects that have been launched on it.
The list of BSC-based DeFi protocols that have been exploited this year is still growing and currently includes PancakeBunny, Cream Finance, bEarn, Bogged Finance, Uranium Finance, Meerkat Finance, SafeMoon, Spartan Protocol, Belt Finance, and Impossible Finance.
In late May, the BSC community itself claimed that the wave of attacks was organized and targeted.