Introducing The Serum Bug Bounty Program
Today, we are excited to formally launch the Serum Bug Bounty Program for our community and security researchers. It is imperative to proactively compensate users and security researchers to constantly be on the lookout for bugs, exploits and security risks within the platform, so that any type of issue can be spotted early and resolved before anything catastrophic can transpire
Keeping the Serum DEX as an open-source platform is crucial because it helps provide transparency and keeps projects building with Serum secure. The “thousands of eyes on the code” idea is proven to be accurate and we now see that our open source strategy pays off in more adoption and higher security.
In an effort to ensure the continued growth and success of any ecosystem and all projects looking to utilize Serum’s DEX and liquidity infrastructure, properly compensating white hats through a bug bounty program was a logical next step for us. The bug bounty program is essential for the Serum ecosystem as it will give ethical hackers a reward for supporting the protocol by proactively checking the platform to ensure there are no security risks, bugs, exploits, etc. If you couple secure code reviews with a robust bug bounty program, the security posture is higher across the entire ecosystem.
We want to encourage the users of the Serum DEX to report any findings to us and keep the DEX as the most secure and versatile exchange on the Solana Blockchain. White hat hackers who identify and alert Serum about bugs and security risks will be compensated based on the varying degree of the risk. Learn more about our Bug Bounty Program here.
BTblock receives first reward from Serum Bug Bounty Program
BTblock, a blockchain security and code review firm, recently discovered a security risk concerning the use of the Serum DEX in the project during a review of code that touched Serum code.
After further investigation, BTBlock realized it was a bug in the Serum DEX itself, which could only be exploited by bad actors utilizing a Serum market for malicious acts. Within the investigation, it was determined that the bug had not been exploited. Serum was informed by BTblock on Dec 16th, and Serum pushed an emergency bug fix to patch the exploit the same day.
As a result of reporting the bug to the Serum developers, BTblock has been awarded 30,000 $SRM. We want to once again thank and commend the team at BTblock for uncovering the bug and thus ensuring no bad actors were able to exploit it for malicious acts.
For additional details on the bug, visit BTblock’s detailed blog on it here.