What is Bug Bounty?


A bug bounty program offers financial rewards to security researchers who discover and responsibly disclose vulnerabilities — creating economic incentives for finding bugs before attackers do.

WHY IT MATTERS

Bug bounties are DeFi's last line of defense before deployment. Even after multiple audits, undiscovered vulnerabilities may exist. Bug bounties incentivize the global security community to look for them — offering rewards that can reach millions for critical findings.

Platforms like Immunefi host crypto bug bounties, with cumulative payouts exceeding $100M. The highest individual bounties have reached $10M for critical vulnerabilities in major protocols.

Effective bug bounty programs have: clear scope, responsive triage, fair rewards proportional to severity, and safe harbor provisions protecting researchers from legal risk.

FREQUENTLY ASKED QUESTIONS

How much do bug bounties pay?
Payouts vary enormously: $1K-$10K for low severity, $10K-$100K for high, $100K-$10M for critical. The payout reflects potential impact — a critical bug in a protocol with $1B TVL warrants a large bounty.
Who participates in bug bounties?
Independent security researchers, audit firms, and white-hat hackers. Some researchers specialize in specific protocol types or vulnerability classes. It's a legitimate and lucrative profession.
Do all DeFi protocols have bug bounties?
Most serious protocols do. The absence of a bug bounty is a red flag — it suggests the team either can't afford one or doesn't take security seriously. Check Immunefi for a protocol's program.
