Immunefi wants to resolve the trust issue that currently exists in bug bounty programs by creating a decentralized version of the bounty programs we currently run on our “Web2” infrastructure. This system provides a way for projects to lock assets for bug bounties to further incentivize hackers to review their projects.

A project can prove their proof of assets deploying a vault via Immunefi Dashboard and depositing assets. The project is the ultimate owner of the vault, none else can access or operate their funds. The system is non custodial.

Currently a vault is implemented as a Gnosis Safe.

A project pays a successful report submission by a whitehat using the Splitter. This contract handles automatically the distribution of the bounty payment to the whitehat and the Immunefi fee.

This is a beta and up to changes in the next iterations.

Deployments available on Ethereum Mainnet and Goerli.

You will need the following software on your machine:

• Git
• Foundry
• Node.Js
• Yarn

To test and deploy you need only Foundry.

1. Run forge test

1. Copy .env.example to .env and set variables based on your environment
2. Run source .env && forge script script/SplitterDeployer.s.sol:SplitterDeployer

If you discover any security issues, please follow the Immunefi Bounty Program to submit.

• Internal Audit by Immunefi Triaging Team
• External Audit by Ourovoros
• External Audit by Ourovoros - May 2023