The trial bug bounty matching program between Nexus Mutual and Immunefi is now live after the successful governance vote concluded August 2.
We want to thank each and every one of you who voted in support of the proposal, and we want to earn the trust and support of those who didn’t. Over the next 12 months, we aim to create real value for the Nexus Mutual community.
As per the details of the proposal, Nexus Mutual Community Fund has allocated up to 2500 NXM to a rewards pool for the purpose of providing 1:1 matching payouts, with a maximum of $200,000 per valid critical bug report.
This amount is enough to cover the maximum of a single payout, which allows the Nexus Mutual community to fully explore the value proposition of bug bounty matching, while also minimizing risk and managing the treasury prudentally.
The way the program works is a straightforward, two-part process:
- Any valid and paid critical bug report (per Immunefi criteria) on an approved Immunefi bug bounty program is subsequently reviewed by the Nexus core team
- If exploitation of the critical vulnerability would have resulted in a payout, the Nexus core team agrees to provide a 1:1 matching payout up to $200,000
The Nexus Mutual core team has determined the following bug bounty programs on Immunefi to be eligible and pre-approved for matching payouts:
- Alpha Finance
- BadgerDAO
- Bancor
- Compound
- Pool Together
- Sushiswap
- Synthetix
- Vesper Finance
- Yearn
We will individually reach out to these projects and inform them that Nexus Mutual is providing matching bug bounty payouts on their programs for valid, critical vulnerabilities.
After qualifying reports have been fully resolved and the affected projects agree to disclose them, we’ll be sure to post our impact findings here for the Nexus community to evaluate the value of the matching program themselves. If you have any questions, this thread is the place to ask them!