Product Update Issue 14: C-OP Open Bounty Begins!
UNION’s public bug bounty program for C-OP begins today at 12pm US Pacific Daylight Time (UTC-7), April 26th, 2021.
As part of the process, bounty hunters will work directly with C-OP code on the ImmuneFi network to identify critical vulnerabilities.
Initial target of 5 days for initial identification and remediation. PRODUCTION LAUNCH OF C-OP WILL COMMENCE ON BASIS OF VOLUME AND QUALITY OF PUBLIC AUDIT FEEDBACK.
Defects confirmed and addressed by the team will be logged and reported to the community.
UNION has developed C-OP as a mechanism to make DeFi less risky and less expensive. We have completed two audits — a Sanctum-coordinated and an external security audit. All identified vulnerabilities have been addressed; however, we believe the best way to achieve security and confidence in our platform is to get the broadest base of experience to dig into the code.
Through work with our Sanctum cybersecurity Center of Excellence, we have chosen Immunefi as the best way to get the broadest exposure to a skilled community of enthusiastic white-hat security researchers. Immunefi is a bug bounty platform for smart contracts and DeFi projects, where bounty participants review code, disclose vulnerabilities, and collect rewards.
The team at Immunefi are hosting the UNION bug bounty program, so any issues found can be submitted there. Claims will be filtered by Immunefi and valid ones investigated by the UNION team and contributors.
More about this collaboration and details regarding the bug bounty program can be found at: https://sanctumsecurity.medium.com/sanctum-partners-with-immunefi-to-coordinate-on-a-1-week-bug-bounty-program-for-unions-c-op-51fbd15c130b
We expect the majority of learnings from the bounty program to be absorbed within the first 5 days.
We will update this Thursday with progress of the bounty program and additional clarity on our launch window.
Given the number of external audits already remediated to this point, we are confident that C-OP will not see a protracted launch from the start of UNION’s public bounty.
Where are the audits?
All reports will be released prior to our production push to the mainnet. We do not want to bias bounty participants or their testing.
Bug Bounty Resources / Links for participants:
- Source code: https://github.com/UNIONProtocolFoundation/OC-Protection
- Public frontend: https://ocp-bounty.unn.finance
- Public api:
UNION is a technology platform that combines bundled protection and a liquid secondary market with a multi-token model. DeFi participants manage their multi-layer risks across smart contracts and protocols in one scalable system. UNION decreases the entry barriers for retail users and lays the foundation for institutional investors. UNION’s full-stack DeFi protection is inclusive, composable, and brings battle-tested capital and pricing models from TradFi to the DeFi ecosystem.
Telegram ANN: https://t.me/UNNFinanceANN
This announcement is for informational purposes only and is not an offering to participate. Yield farming and liquidity mining carry substantial risk. Never send virtual assets to a smart contract you cannot afford to lose. This announcement does not constitute financial advice.