- The Ethereum Foundation and Immunefi have announced an “Attackathon” security audit competition
- The pair hope to raise over $2 million in rewards by August 1 through crowdfunding
- Immunefi has also announced a $1 million bug bounty for Solana bug hunters this week
The Ethereum Foundation and bug bounty platform Immunefi have joined forces to launch an ambitious security audit competition called the “Attackathon.” The contest aims to be the largest crowdsourced security audit in history, running over four weeks, with over $2 million in rewards hoping to be raised by the time it gets underway on August 1. The Attackathon is the second major initiative announced by Immunefi this week, following the announcement of a $1 million bug bounty reward pool for Solana bug hunters.
The Ethereum Foundation announced the Atackathon in a blog post on Tuesday, inviting developers and projects to participate in a time-bound audit to uncover vulnerabilities in the Ethereum protocol’s code. The competition is designed to enhance the security of the protocol by leveraging the collective expertise of the global developer community.
The Ethereum Foundation has initially seeded the reward pool with $500,000, but aims to raise over $2 million from contributors by August 1, when the final pool will be locked. The funds will be deposited directly into the Attackathon vault on Immunefi which will transparently display the allocation of a program’s funds and streamline the payment process between projects and security researchers, ensuring an efficient and transparent payout system.
Fredrik Svantes, the protocol security research lead at Ethereum, expressed enthusiasm about the initiative, saying he was “excited to launch the first audit competition targeting the protocol itself” and emphasized the foundation’s commitment to securing the Ethereum network.
Immunefi highlighted the opportunity for top-performing whitehat hackers to showcase their skills to the entire Ethereum community:
The Attackathon will showcase Immunefi’s elite security researcher community, competing to secure the protocol in a time-boxed audit competition with the potential to earn massive rewards, reputation, and glory. Top performing whitehats will have their skills recognized in front…
— Immunefi (@immunefi) July 8, 2024
The largest bug bounty on record was a $15 million reward pool from LayerZero in May. The cross-chain messaging protocol partnered with Immunefi to offer substantial payouts for identifying critical vulnerabilities, with rewards ranging from $250,000 to $15 million for significant bugs in key blockchain networks such as Ethereum and Avalanche.
To date, Immunefi claims to have paid out over $100 million in bounties and helped prevent $25 billion in potential hack damage. The Attackathon is the second major initiative announced by Immunefi in the same week, which is also overseeing a $1 million bug bounty reward pool for developers who identify bugs in a new Solana validator client built by Jump Crypto.
