The IPOR Protocol has established its first bounty program for the identification and reporting of smart contract bugs.
Trust is hard to earn but can disappear in the span of a flash loan.
Since its Ethereum mainnet launch in August 2022, the IPOR Protocol has gone through multiple audits. More have been scheduled in relation to the upcoming V2 Protocol upgrades. Information about all IPOR audits can be accessed in the Docs.
To learn how one of IPOR’s more thorough code examinations went, listen to the Twitter Space recording with one of the Protocol auditors — Ackee Blockchain.
Includes time anchors for easy navigation in the video description.
Best Practices in Security
Audits are essential but work way better with an experienced dev crew. The IPOR Labs developer team is composed of professionals with decades of training in enterprise-grade software security:
- The core of the IPOR Protocol is built by software engineers with over 15 years in enterprise software development building core infrastructure for banking, payments, and insurance.
- The smart contract team are mathematicians by discipline with Ph.D. and MsCs in Applied Mathematics and combine this with enterprise software discipline to build secure, succinct, and scalable smart contracts.
- The infrastructure and data teams have previously secured technical infrastructure in banking and finance.
With an experienced team and robust code auditing, there has so far been a single missing link in IPOR Protocol’s security approach — a bug bounty program.
That’s now a reality thanks to a collaboration with Immunefi.
Up to $100,000 for Critical Code Vulnerabilities
An industry standard, Immunefi is where white hats go to earn bounties for code vulnerabilities. In the case of IPOR, Immunefi’s bug bounty program is focused exclusively on smart contracts security.
30 IPOR smart contracts are covered by the program with bug bounties ranging from $1000 to $100,000 in crypto assets.
The severity level categorization of smart contract threats in IPOR’s program follows Immunefi’s classification system (V2.2) ranging from “None” to the highest level “Critical”. You can find more information in Immunefi’s documentation.
The following impacts on IPOR’s contracts are considered within the bug bounty scope:
Smart Contracts
- Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield. (Critical)
- Permanent freezing of funds. (Critical)
- Protocol insolvency. (Critical)
- Theft of unclaimed yield. (High)
- Permanent freezing of unclaimed yield. (High)
- Smart contracts are unable to operate due to a lack of token funds. (Medium)
- Unbounded gas consumption. (Medium)
- Contract fails to deliver promised returns, but doesn’t lose value. (Low)
IPOR’s Immunefi program is subject to constant review with bounties being adjusted with the growth of the Protocol.
Detailed information about IPOR’s Immunefi’s Bug Bounty Program is available here:
IMPORTANT: Bug reports will be accepted only through the Immunefi platform. Use the “Submit a Bug” button on IPOR’s Immunefi page.
Peace of Mind for the IPOR Community
The partnership with Immunefi further strengthens IPOR’s value offering to traders and liquidity providers by adding an additional layer of security. It formally announces the protocol’s willingness to cooperate with white hats and the wider developer community to make IPOR the foundation of DeFi credit markets.
Thanks for reading!
Leave a comment below if you have any questions. Be sure to join our Discord community to receive the most relevant updates on the IPOR Protocol and Interest Rates in DeFi. Meaningful product discussions are highly valued and spam is strongly discouraged. Be cautious and don’t fall for impersonators.
Follow IPOR Labs on social media so you never miss a beat!
Website | DApp | Docs | Discord | Twitter | LinkedIn | Telegram | YouTube
