Bug Bounty Matching Program with Immunefi

Not a member of Nexus Mutual? Don’t worry — we’ve got you covered.

Announcing the Nexus Mutual Bug Bounty Matching Program: a free service offered by the mutual to better protect users of major DeFi protocols. Through our bug bounty matching program and our cover policies, Nexus Mutual is dedicated to protecting a greater share of DeFi.

Nexus Mutual is a member-owned, member-operated organisation, and our members take security in DeFi seriously. Our community voted in favour of a trial Bug Bounty Matching Program with Immunefi, the leading bug bounty platform serving DeFi protocols. With the mutual’s partnerships, listed protocols benefit from increased security by virtue of being listed on Nexus Mutual.

Through the Bug Bounty Matching Program, Nexus Mutual will continue the work of keeping DeFi users safe, while using community funds to increase critical vulnerability payouts for listed protocols. At the launch of this program, the mutual has chosen several Nexus Mutant favourites, or protocols with significant cover buys, to provide 1:1 matching payouts with up to 2500 NXM ($200,000) per valid critical bug report.

Immunefi has expanded bug bounty programs within DeFi, and because of their diligent work, more blackhats are becoming whitehats. By working with Immunefi and incentivising disclosures for popular listed protocols, the mutual can further incentivise blackhats to become whitehats. Nexus Mutual exists to protect users in DeFi and prevent capital loss: the Bug Bounty Matching Program allows our community to protect more DeFi users with incentives backed by NXM.

Below are the initial protocols selected for the Bug Bounty Matching Program:

Alpha Finance | Critical Vulnerability Payout of $750,000BadgerDAO | Critical Vulnerability Payout of $750,000Bancor | Critical Vulnerability Payout of $100,000Compound | Critical Vulnerability Payout of $50,000Pool Together | Critical Vulnerability Payout of $25,000Sushiswap | Critical Vulnerability Payout of $1,250,000Synthetix | Critical Vulnerability Payout of $200,000Vesper Finance | Critical Vulnerability Payout of $200,000Yearn Finance | Critical Vulnerability Payout of $200,000

Immunefi outlines the process of this program in their announcement.

The way the program works is a straightforward, two-part process:

1. Any successful critical bug report (per Immunefi criteria) on an approved project is subsequently reviewed by the Nexus core team

2. If exploitation of the critical vulnerability would have resulted in a payout, the Nexus core team agrees to provide a 1:1 matching payout up to $200,000

If this program proves successful, the program may be expanded to include additional listed protocols. The Nexus Mutant community looks forward to collaborating with DeFi security experts to make the ecosystem safer and improve the protections for the mutual’s listed protocols. Whether you are a DeFi power user or a multi-billion dollar protocol, Nexus Mutual has you covered.

Is your protocol interested in the Nexus Mutual Bug Bounty Matching Program? Sign up with Immunefi and get integrated with Nexus.