ArmorFi’s CTO Robert Forster is partnering with bug bounty platform Immunefi to personally offer the equivalent of $320k to anyone who can find a critical smart contract bug in any Ethereum ecosystem project.
The program, which is hosted on Immunefi and called the R Bounty, is designed to encourage responsible disclosure of critical vulnerabilities. The announcement comes days after Alpha Homora v2 was hacked for $37.5M, while Yearn Finance lost $11M in an exploit last month. Forster will be giving out the reward in Armor tokens, in a personal capacity.
More specifically, the R Bounty program covers critical smart contract bugs that could result in the loss of at least $1 million USD in user funds. If a project already has a bug bounty program, this reward will come on top of whatever reward that project issues.
The bounty is the latest in a series of efforts to improve security in DeFi. Earlier this week developer Emilio Bonassi launched ReviewsDAO, a forum for connecting projects with white hat hackers and security experts. Immunefi launched in December with the goal to have “sclaing bug bounties,” or payouts should priced as a percentage of the economic damage they would have caused.
Forster came up with the idea for the R Bounty program after ArmorFi’s own bug bounty program saved the project from a critical vulnerability. Earlier this month, Alexander Schlindwein, CTO of IdeaMarkets, found and disclosed a critical bug in Armor’s smart contract code to Immunefi. This vulnerability could have resulted in all funds being drained from ArmorFi’s insurance coverage pool.