Our Bug Bounty Program with Immunefi
Because we believe that risk mitigation is a top priority
In order to lessen negative impact of potential hacks, we plan to enhance our security against malicious actors, therefore we have onboarded Immunefi to deliver rewards for finding bugs in our smart contracts.
In line with other risk mitigation techniques, such as smart contracts audits which we have completed and aim to continue to develop, 2pi believes that a proper bounty program that incentivise white hackers for finding bugs in the contracts. A partnership with Immunefi will strengthen our ecosystem further and provide a higher level of security for our Fintech partners in the future.
Partnering With Immunefi to Deliver a Bug Bounty Program
This partnership provides rewards for white hats who find bugs in our smart contracts and/or vulnerabilities. Immunefi covers a number of features and assets such as smart contracts.
Impacts in Scope
Only the following impacts are accepted within this bug bounty program. All other impacts are not considered as in-scope, even if they affect something in the assets in scope table.
- Loss of user funds staked (principal) by freezing or theft
- Loss of governance funds
- Theft of unclaimed yield
- Freezing of unclaimed yield
- Unable to call smart contract
Please refer to further details here: https://immunefi.com/bounty/2pi/
Rewards by threat level
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains, encompassing everything from consequence of exploitation to privilege required to likelihood of a successful exploit.
Immunefi is the premier bug bounty platform for smart contracts and DeFi projects, where security researchers review code, disclose vulnerabilities, get paid, and make crypto safer. Immunefi removes security risk through bug bounties and comprehensive security services.
Launched on December 9, 2020, Immunefi focused on blockchain and smart contract security. We provide bug bounty hosting, consultation, bug triaging, and program management services to blockchain and smart contract projects.
Bug bounty programs are open invitations to security researchers to discover and disclose potentially vulnerabilities in projects’ smart contracts and applications, thereby protecting projects and their users. For their good work, security researchers receive a reward based on the severity of the vulnerability, as determined by the project affected.
Why have a bug bounty program at all? In 2020 alone, hacks and scams cost the DeFi community over $238m, and bug bounties can prevent those hacks from happening. Bug bounty programs surface vulnerabilities so they can be fixed before they get exploited in malicious hacks that destroy projects and ruin reputations.