Compound Finance Initiates $1 Million Bug Bounty Program for Security Enhancements

Decentralized finance (DeFi) protocol Compound Finance has launched a $1 million bug bounty program in collaboration with Immunefi to enhance security. The program aims to incentivize security experts to identify vulnerabilities within Compound's algorithmic interest rate platform.

Bug Bounty Program Rewards Structure

The program offers rewards based on the severity of reported vulnerabilities, categorized under Immunefi's Vulnerability Severity Classification System V2.3:

  • Low-level vulnerabilities (minimal risks): $1,000
  • Medium-level vulnerabilities: up to $5,000
  • High-level vulnerabilities (e.g., theft or freezing of funds): between $10,000 and $50,000, depending on potential damage
  • Critical vulnerabilities: up to $1 million or 10% of affected funds, whichever is lower, with a guaranteed minimum payout of $50,000

Compound acknowledges that critical vulnerabilities may lead to repeatable attacks where compromised smart contracts cannot be paused or upgraded. In such cases, rewards will be calculated based on total cumulative damage to funds.

Payment in COMP Tokens

Payouts for the bug bounty will be managed by the Compound DAO, with rewards denominated in USD but paid in the native token COMP. The conversion from USD to COMP will use the average price listed on CoinMarketCap and CoinGecko at the time of report submission.

This bug bounty program aims to motivate researchers to disclose issues promptly, thereby preventing avoidable damage.