
Bugs

Optimism Finds Vulnerabilities in Fault Proof System, Proposes Upgrade to Patch Them

OP Labs, a software development company focusing on the Optimism ecosystem, has proposed an upgrade for the Optimism rollup called Granite, which is intended to fix a series of vulnerabilities in the chain’s fault-proof system. While some high-severity vulnerabilities were encountered during external audits, OP Labs stated that none had been exploited. Optimism Proposes Network Upgrade […]

Counterpunch: Russia Reveals Plan to Utilize Frozen Western Assets

Ethereum Patch Set to Fix Transaction Finality Challenges After Second Bout Disrupts Network

On Friday, Ethereum’s Beacon chain encountered yet another bout of transaction finality challenges, reminiscent of the glitch experienced on May 11, 2023. For over an hour, the blockchain stopped the process of finalizing blocks. However, Superphiz, an Ethereum developer, emphasized that despite this setback, “No transactions were halted” and the incident had “zero impact on […]

Ethereum Plans ‘Shapella’ Transition on Zhejiang Testnet — Dev Insists ‘Withdrawals are Coming’

Ethereum core developers plan to activate the “Shapella” transition through the Zhejiang public testnet on Feb. 7, 2023, according to Tim Beiko of the Ethereum Foundation. If successful, Beiko said the Sepolia testnet could follow two days later, followed by the Goerli testnet. He noted that the testnet has a faucet, block explorer, and staking […]

Ethereum Developers Commence Finalizing Shanghai Upgrade ‘Shadow Fork’ for Testing and Bug Identification

Ethereum developers have begun finalizing the Shanghai upgrade “shadow fork,” according to software engineer Marius van der Wijden. The “shadow fork” will serve as a testing environment for the Shanghai upgrade, allowing developers to identify bugs and any potential issues. Ethereum’s Shanghai Upgrade ‘Shadow Fork’ Launches As the cryptocurrency community awaits the upcoming Shanghai hard […]

Immunefi says it has facilitated $66M in bug bounty payouts to whitehats since inception

The average bug bounty payout over 1,248 confirmed reports was $52,800.

According to a new report released on Dec. 21, blockchain security firm Immunefi said that it has processed more than $65,918,994 in crypto bounties paid to ethical hackers over 1,248 reports since its inception on Dec. 9, 2020. Web 3.0 projects list bounty programs on Immunefi to encourage whitehat hackers to report vulnerabilities and claim monetary rewards, which the company then facilitates.

The payouts appear to be concentrated, with bounty programs operated by Wormhole, Aurora, Polygon, Optimism, and an undisclosed firm accounting for $30.2 million worth of rewards in the past year. The median payout was $2,000, and the average payout was $52,800. A small number of critical vulnerability bug reports received the highest rewards.

"A $5,000 bounty payout for a critical vulnerability may work in the web2 world, for example, but it does not work in the web3 world. If the direct loss of funds for a web3 vulnerability could be up to $50 million dollars, then it makes sense to offer a much larger bounty size to incentivize good behavior."

In terms of vulnerability reports, Smart Contract issues took the lead, with a total of 728 submissions, accounting for 58.3% of paid reports. Meanwhile, the Websites and Applications and Blockchain/Distributed Ledger Technology (DLT) categories totaled 488 submissions (39.1%) and 32 submissions (2.6%), respectively. Despite the high number of submissions, Websites and Applications reports represented only 2.9% of total whitehat payouts, whereas Smart Contract bugs accounted for 89.6% of payments.

The Wormhole vulnerability discovery resulted in a $10 million bug bounty payout | Source: Immunefi

The bounty programs surfaced serious vulnerability reports, such as one at Pods Finance for a logic error that allowed theft of yield or abuse of the protocol's rewards system. Another was a Mushrooms Finance vulnerability that could potentially have been exploited via a miner-extractable value attack using Flashbots.

The report also dedicated a section to ransom analysis, revealing that malicious hackers have returned $32.7 million in funds illicitly gained from decentralized finance (DeFi) protocols across five specific situations in 2022. Hackers have kept $6.44 million in total ransom payments. Some experts say that paying ransom to hackers amounts to giving in to extortion, but nearly all agree that it is much better to set up a bug bounty program ex ante. Immunefi currently offers $144 million in bounty rewards through Web 3.0 projects listed on the platform.

Meta’s Horizon Worlds Metaverse App Still Too Buggy to Be Used According to Company Executives

Meta’s VP of Metaverse, Vishal Shah, acknowledged that Horizon Worlds, the flagship app that Meta uses to show the potential of its metaverse, still has many problems affecting its usability. In a recent memo, Shah explains that even Meta’s employees are not using the app so much, and hints at the establishment of time quotas […]

An In Depth Look at Bitcoin’s First Chain Split: Satoshi Helps Reverse the Creation of 184 Billion BTC

Since January 3, 2009, the Bitcoin network has been functional for 99.98662952015% of the time. However, the protocol has had a few hiccups along the way and on a few occasions, the chain split into two. Most people are well aware of the Bitcoin Cash split that took place on August 1, 2017, but the […]
