Security

Bug Bounty

A reward program that pays security researchers for responsibly finding and reporting vulnerabilities.

Last Updated

2026-03-29

Related Concepts

Exploit, Smart Contract Risk, Reentrancy

What is a Bug Bounty?

A bug bounty program offers financial rewards to security researchers (white-hat hackers) who find vulnerabilities and report them privately to the project instead of exploiting or publishing them. It is a proactive way to crowdsource security review to people outside the core team.

How Bug Bounties Work

  1. The project publishes its scope (which contracts, repositories, or deployments may be tested, and what is excluded) and its reward schedule (payout ranges per severity level).
  2. Security researchers analyze the in-scope code for bugs, with the highest payouts reserved for critical issues such as a potential drain of user funds.
  3. A discovered bug is submitted privately to the project as a detailed report, normally with steps or a proof of concept that lets the project reproduce it.
  4. The project triages the report, confirms the impact and severity, and deploys a fix before the bug can be exploited or is disclosed publicly.
  5. The researcher is paid according to the confirmed severity, typically in USDC or the project's native token.

Why Bug Bounties Matter

In Web3, a single bug can cost millions, and contracts are often immutable once deployed, so finding bugs before attackers do is the whole game. An audit is a point-in-time review of a specific code version; a bug bounty keeps independent eyes on the code continuously, including after upgrades and new deployments. It complements audits rather than replacing them, and it reduces risk rather than guaranteeing safety: a bounty only covers what is in scope and only pays for bugs that are actually found and reported.

Key Features

  • Proactive, continuous security review rather than a one-off audit
  • Gives white-hat hackers a paid incentive to report a bug rather than exploit it
  • Tiered rewards based on bug severity (critical bugs pay far more than low-severity ones)
  • A public signal of the project's commitment to security

Examples

  • Immunefi: The leading Web3 bug bounty platform.
  • Protocols offering up to $1,000,000 for critical vulnerabilities.
  • Ethereum Foundation's bug bounty for core network security.

External References

  • Immunefi
  • Immunefi Bug Bounty Programs
  • Bugcrowd
  • OpenZeppelin Contracts Security Center
  • Aave Bug Bounty on Immunefi
  • Coinbase Vulnerability Disclosure