In our series on bug bounties for @Aave listed assets, today we focus on @circle. The programs are a critical defense layer. With over $70B across USDC & EURC, a $5k max bounty is insufficient, leaving the ecosystem exposed. Hey @circle, here's how your program can be improved 👇

@circle’s bug bounty program is currently managed by HackerOne and has a max reward of $5,000. The bounty’s scope covers a diverse range of assets, including smart contracts, APIs, and application domains. Documentation for this program is clear and precise; however, from our assessment, the max bounty is below the minimum $50,000 necessary to attract skilled security researchers, regardless of the value at risk.

Given that USDC and EURC represent over $70 billion in value, we think a maximum bounty of only $5,000 is insufficient relative to the combined TVL. Although centralized, full-reserve issuers like Circle typically have lower bounties, this overlooks the fact that their attack surface extends far...
