Belt Finance, an automated market maker (AMM) protocol that runs yield-optimizing strategies on the Binance Smart Chain (BSC), claims to have paid the largest bounty in the history of decentralized finance (DeFi) for a white-hat bug report that reportedly averted a $10 million loss.
This week, white-hat developer Alexander Schlindwein discovered a vulnerability in the Belt Finance protocol and reported it to the team. For his efforts, Schlindwein received a compensation of $1.05 million, most of it ($1 million) provided by Immunefi, with an additional $50,000 provided by Binance Smart Chain through Priority One.
Immunefi is one of the leaders in the bug bounty market for cryptocurrency projects. Since its inception, the platform has reportedly paid more than $3 million to white-hat hackers who have identified technical infrastructure flaws in smart contracts and crypto platforms.
Priority One is a BSC initiative launched in July to improve the security of decentralized applications (DApps) in the native platform ecosystem. The service mirrors the Immunefi framework and provides a $10 million incentive fund for blockchain bounty hunters who successfully avert security breaches across 100 DApps.
Schlindwein told Cointelegraph how he discovered the vulnerability:
“I perused the list of bug bounties on Immunefi and chose Belt Finance as the next one to work on. While researching their smart contracts, I noticed a potential error in the internal accounting that tracks the funds deposited for each user. Playing with pen and paper gave me more confidence that the bug was there. I set out to create a proper proof of concept (PoC), which undoubtedly confirmed its validity and financial impact.”
“The next step was to prepare a formal report on Immunefi, including the PoC and a comprehensive description of the process,” said Schlindwein, adding, “Immunefi responded immediately to the critical report and within three minutes of its submission it was delivered to the Belt team. Shortly thereafter, Belt verified the report and began implementing a solution that then fixed the vulnerability.”
Related: Perfect Storm: DeFi Hacks Will Push Crypto Industry Away
While DeFi security breaches remain a common concern, some have argued that the growing ecosystem will benefit from such incidents in the long run, as vulnerabilities are clearly identified.
Cointelegraph asked Schlindwein about his view of the importance of bounty programs in supporting DeFi’s anti-hacking ambitions:
“I strongly believe in the importance of bug bounties and initiatives such as the bounty fund. DeFi security consists of several layers, from peer review and unit testing to external review and formal review. Bug bounties are the last line of defense in the event of a problem, going beyond the overall teams that have the ability to prevent disruptive hacks, rather than seriously addressing the problem and making up for it.”
DeFi bug bounties were rare before Immunefi came along and were only offered by “crème de la crème” projects. “It is great to see hundreds of projects launching their bug bounty programs today, which will undoubtedly enhance DeFi security in the long run,” concludes Schlindwein.