Bug Bounty Programs
Over time, Ethereum security has evolved to include different flavours of bug bounty programs, which are detailed below:
Bug Bounty Platforms
The first category is bug bounty platforms, where a development team submits their project to a platform that either manages the programme for them or simply lists their project for exposure and reach toward interested security researchers. These platforms are further divided by type. The first are web3 native platforms, which host the majority of smart contract and frontend bug bounty programmes you'll find. The second are traditional platforms, which mostly host programmes with the frontend of centralized exchanges in scope. Finally, there are bounty collaboration platforms, where developers are paid to code and implement new features or smart contracts.
Web3 native platforms:
Bounty collaboration platforms:
Crowd-sourced Security Solutions
In response to the high demand for, and low supply of, professional smart contract security review firms, a few crowd-sourced solutions have emerged. They all employ a bug bounty-esque model, hence their inclusion on this list. They run what they call "audit contests", in which freelance security researchers scramble to find and report vulnerabilities within a set time period (e.g. two weeks), with payouts issued only for successful findings. Examples are listed below:
Project Managed Bounties
The final category, for now, consists of bug bounty programmes that are managed directly by the project team itself. Their scope is often focused on smart contracts, whether that's contributing to their features or breaking them.
Issues and PRs are welcome to add new bounties, or remove those which are no longer active.