Immunefi wants to resolve the trust issue that currently exists in bug bounty programs by creating a decentralized version of the bounty programs we currently run on our “Web2” infrastructure. This system provides a way for projects to lock assets for bug bounties to further incentivize hackers to review their projects.
A project can provide proof of assets by deploying a vault via the Immunefi Dashboard and depositing assets. The project is the ultimate owner of the vault; no one else can access or operate its funds. The system is non-custodial.
Currently a vault is implemented as a Gnosis Safe.
A project pays a whitehat for a successful report submission using the Splitter. This contract automatically handles the distribution of the bounty payment to the whitehat and the Immunefi fee.
This is a beta and is subject to change in the next iterations.
Deployments are available on Ethereum Mainnet and Goerli.
You will need the following software on your machine:
To test and deploy you need only Foundry.
- Run: forge test
- Copy .env.example to .env and set variables based on your environment
- Run: source .env && forge script script/SplitterDeployer.s.sol:SplitterDeployer
If you discover any security issues, please submit them through the Immunefi Bounty Program.