POLKADOT <> KUSAMA BRIDGE SECURITY BOUNTY

in Big Spender
2 years ago
Executed

Proponent: Fy6erZmPp78ZY2cN945FU9KnKdATmxvG2eB9a1kh2VX33xz

Date: 01.03.2024

Requested KSM: $250,000 (5102 KSM - based on EMA7 March 1st 2024)

Short description:

Bridges enable transferring data, assets, and more between multiple chains. Because of their pivotal role and high transaction volumes, they have also become a hotspot for malicious activity. When a bridge is exploited, the breach can have significant impact, including financial losses.

This proposal aims to ensure the utmost security of the bridges and promote community involvement by implementing a Security Bug Bounty Program. While all developers involved work hard to ensure the software and protocols built are bug-free and secure by design, and third-party code audits have already been performed, it is recognised security best practice to complement this. That's why Polkadot and Kusama need the community and bug bounty hunters to help identify security vulnerabilities of all severity levels before the bridge is widely used and adopted.

To support this, the Bug Bounty participants are provided with many context details in the full proposal attached, including a threat model of the scope.

As a security vulnerability in the bridge can impact both the source and destination blockchains, a mirror bounty is raised on Kusama and Polkadot.

Thanks for your time and support to make Polkadot more secure!

Comments (6)

2 years ago

I'm voting in favor of this with the expectation of a more detailed proposal on the curators for this bounty. Looking forward to seeing which experts will step up for this!

2 years ago

@Adam_Clay_Steeber 

Thanks for your support.
Regarding the curators, the child bounty will be posted just after. Without spoiling too much, it will be composed of 7 groups with people with security experience, with bridge experience, and from the ecosystem.
Stay tuned ;-)

2 years ago

This bridge is absolutely needed for the Polkadot ecosystem as it makes the two networks more mature in terms of being useful.
However, bridges usually happen to be the most fragile gear in a system; hence, an exhaustive security assessment is a must-have.
A bug bounty program is a natural way to engage auditors, so @Fy6e...33xz let's move forward with this initiative.

I vote YES for this proposal.


Proposal Passed

Summary

Aye (174): 0.0 DOT

Support: 0.0 DOT

Nay (9): 0.0 DOT
