Immunefi wants to resolve the trust issue that currently exists in bug bounty programs by creating a decentralized version of the bounty programs we currently run on our “Web2” infrastructure. This system provides a way for projects to lock assets for bug bounties to further incentivize hackers to review their projects.
A project can provide proof of assets by deploying a vault via the Immunefi Dashboard and depositing assets. The project is the ultimate owner of the vault. No one else can access or operate their funds. The system is non-custodial.
Currently a vault is implemented as a Gnosis Safe.
A project pays a whitehat for a successful report submission using the Splitter. This contract automatically handles the distribution of the bounty payment to the whitehat and of the Immunefi fee.
This is a beta and is subject to change in future iterations.
Deployments are available on Ethereum Mainnet and Goerli.
You will need the following software on your machine:
To test and deploy you need only Foundry.
- Run `forge test`
- Copy `.env.example` to `.env` and set variables based on your environment
- Run `source .env && forge script script/SplitterDeployer.s.sol:SplitterDeployer`
If you discover any security issues, please submit them through the Immunefi Bounty Program.