Proponent: Fy6erZmPp78ZY2cN945FU9KnKdATmxvG2eB9a1kh2VX33xz
Date: 01.03.2024
Requested KSM: $250,000 (5102 KSM - based on EMA7 March 1st 2024)
Short description:
Bridges enable transferring data, assets, and more between multiple chains. Due to their pivotal role and high transaction volumes, they have simultaneously become a hotspot for malicious activities. When exploited, these breaches can lead to significant impact including financial losses.
This proposal aims to ensure the utmost security of the bridges and promote community involvement by implementing a Security Bug Bounty Program. While all developers involved work hard to ensure the software and protocols built are bug-free, secure by design, and third-party code audits have been already performed, it is recognised security best practices to complement this. That’s why Polkadot and Kusama need community and bug bounty hunters to help to identify security vulnerabilities that could cause impact from all the severity levels before it is widely used and adopted.
To support this, the Bug Bounty participants are provided with many context details in the full proposal attached, including a threat model of the scope.
As a security vulnerability in the bridge can impact both the source and destination blockchains, a mirror bounty is raised on Kusama and Polkadot
Thanks for your time and support to make Polkadot more secure !
This bridge is absolutely needed for the Polkadot ecosystem as it makes two networks maturer in terms of being useful.
However, bridges are usually happen to be the most fragile gear in a system; hence, an exhaustive security assessment is must have.
Bug bounty program is a natural way to engage auditors, so @Fy6e...33xz let's move forward with this initiative.
I vote YES for this proposal.