BLOG January 7, 2022
Neo Collaborates with Immunefi to Offer a New Vulnerability Bounty Program
Neo, an open-source community-driven blockchain platform, and Immunefi, the leading bug bounty platform for Web3 with the world’s largest bounties, are collaborating to host a new Neo vulnerability bounty program. This program will provide a proactive channel where security researchers can report on and earn rewards for identifying potential security vulnerabilities related to the underlying Neo blockchain infrastructure.
Neo Global Development (NGD) has dedicated a substantial pool of reward funding for the program. Issues determined to be valid as per the rules listed here will be rewarded via payments in NEO equivalent to the USD amounts listed here. Base bounty amounts by severity level will be as follows:
- Critical (issues that would lead to severe asset loss): Bounty up to $100,000
- High (issues that would lead all networks to fail): Bounty up to $50,000
- Medium (issues leading to single node failure): Bounty up to $20,0000
- Low (other valid issues): Bounty up to $5,000
For certain vulnerabilities that the Neo team determines to be of particular interest and criticality, higher reward amounts than those noted here may be paid out.
Effective as of January 7th, 2022, and continuing for the long term, everyone who finds the vulnerabilities can submit a bug report through Immunefi. On a best-effort basis, the Neo team will then investigate eligible vulnerabilities and fix the valid issues.
“Information and data security have always been the most important concern of Neo, so this collaboration with Immunefi is a natural fit,” said Steven Liu, Head of Development at NGD. “With the aim of deploying many more DeFi, NFTs, and other future-oriented applications, Neo N3 will continue to deliver unparalleled efficiency and security at a low cost.”
“Immunefi is excited to help secure the Neo blockchain platform and its ecosystem,” said Travin Keith, co-founder of Immunefi. “It’s great to see Neo take security more seriously by having a bug bounty program on our platform.”