bug

Aave announced that its bug bounty program has been updated to better align rewards with the risk status of each part of the ecosystem and to simplify the review process. The maximum reward for critical vulnerability fixes for Aave V4 and Core Aave V3 has now been increased fivefold.

According to official news, the smart contract auditing platform Code4rena has announced that it will gradually cease operations, and the Web3 security company Immunefi will take over its clients and security researchers. Code4rena posted on social media that it has made the decision to shut down and stated that all ongoing competitions and bounty activities will be completed as usual, and existing collaborations will be "properly concluded." Immunefi stated that it will assist in migrating Code4rena's bounty projects, reward structures, and researchers to its platform.Code4rena is known for its "competitive auditing" model, where independent researchers compete to find vulnerabilities in smart contracts for rewards. This shutdown comes less than two years after blockchain security company Zellic acquired Code4rena in 2024. Previously, Code4rena raised $6 million from Paradigm in 2023 for auditing incentives and platform expansion.This shutdown comes at a difficult time for DeFi protocols and the security sector. Data from DefiLlama shows that there were over 20 crypto vulnerability incidents in April alone, setting a monthly record. JPMorgan analysts believe that ongoing DeFi security incidents are limiting major institutional investors from entering the market. Meanwhile, the total value locked in DeFi has decreased from about $160 billion in October to approximately $83 billion currently.

After the Kelp security incident, Tether's asset interoperability protocol USDT0 announced details of its protocol security architecture, stating that the current system uses a proprietary DVN (Decentralized Verification Network) and has message veto power, while requiring 3 independent validators to reach a 3/3 consensus based on different codebases before cross-chain messages can be settled.The current validating nodes include USDT0's proprietary DVN, LayerZero, and Canary, with plans to expand to 4/4 and 5/5 verification mechanisms in the future. USDT0 also stated that all multi-signature transactions must undergo multiple reviews by internal teams, external security teams, and auditing institutions before submission for signing. Relevant contracts have been audited by organizations such as Guardian and OpenZeppelin and have launched a $6 million bug bounty program on Immunefi.

The prediction market platform Polymarket has launched a bug bounty program on the Cantina platform with a maximum reward of $5 million. The program covers the entire technology stack, including 18 smart contracts on Polygon (V1/V2 CTFExchange and NegRisk versions, fee modules, conditional token frameworks, pUSD collateral wrapping/unwrapping systems, UMA oracle adapter, etc.), web applications, and related infrastructure (key web vulnerabilities such as remote code execution, sensitive data leakage, subdomain takeover involving wallet interaction, and malicious transaction injection are all eligible for the highest reward level).The maximum reward for smart contract-related vulnerabilities is $5 million, while the maximum reward for web application-related vulnerabilities is $250,000. The program is now officially open for submissions.

The Web3 security platform Immunefi announced on the X platform that the DeFi protocol Alchemix has relaunched its bug bounty program based on its latest v3 contract, with a maximum reward of $300,000.This program aims to encourage security researchers to review the new version of the contract code and identify potential vulnerabilities in advance to enhance the overall security of the protocol. Immunefi stated that this is currently a critical window for auditing the relevant code and participating in the bounty program.

According to Ethereum Foundation security researcher Fredrik, the Ethereum Foundation's bug bounty program has increased the maximum reward amount from $250,000 to $1,000,000.

Binance founder Changpeng Zhao posted on X platform: "It claims that after installing OpenClaw, you don't have to do anything. After that, all the time was spent adjusting that useless lobster."

The OKX Joint Security Platform Cantina officially launches the OKX On-Chain Contract Vulnerability Bounty Program, with a total prize pool of $1 million. This program focuses on on-chain smart contracts that have been deployed on the mainnet and are in a real production environment, currently offering security audit bounties for DEX routing and related contracts that actually handle user asset flows.OKX currently operates production-grade on-chain DEX routing infrastructure across multiple ecosystems, which is a critical execution path for user on-chain transactions. By introducing a continuous, structured, and public vulnerability audit bounty mechanism, OKX aims to further enhance the security and transparency of on-chain trading systems, setting a standard for the security maintenance of production-grade on-chain systems in the industry.

SVM Layer 1 project Fogo posted on platform X: "We have detected a vulnerability that causes the first season Flames EVM wallet points to not display correctly. We are currently investigating this issue, please check back in 24 hours. If the problem is resolved earlier, we will update the notice promptly."

Vitalik stated on the X platform that the assertion "bugs are inevitable, you cannot write bug-free code" will no longer hold true in the 2030s.Vitalik believes that while many software will still have bugs (because enhancements in functionality are more important in specific use cases), if developers truly wish to have bug-free code, this goal will be achievable in the 2030s.

The founder of Paradigm, Matt Huang, retweeted @notnotstorm's research on social media, pointing out that Polymarket has a data statistical error, resulting in the trading volume in its public data being double-counted. This issue may have affected most publicly cited data by third parties.

The founder of Paradigm, Matt Huang, shared research from @notnotstorm on social media, pointing out that Polymarket has data statistical errors, leading to the trading volume in its public data being double-counted. This issue may have affected most publicly cited data by third parties.

Cointelegraph monitored that shortly after the Fusaka network upgrade, the participation of validators in the Ethereum network sharply declined due to a bug in the Prysm consensus client, resulting in a large number of voting nodes going offline.Prysm officially announced on Thursday that its v7.0 version client unnecessarily generated old states when processing outdated attestations, causing nodes to malfunction. Developers recommended that users temporarily start the client with the "--disable-last-epoch-targets" flag as a workaround.Data from Beaconcha.in shows that in Epoch 411,448, the network's sync participation and voting participation dropped to 75% and 74.7%, respectively. The voting participation decreased by 25%, falling just under 9 percentage points short of the two-thirds majority (66.6%) required for the network to maintain finality.The extent of the decline in voting participation roughly corresponds with the share of validators using the Prysm consensus client, indicating that the failures in attestations are likely concentrated among Prysm validators. Previously, Prysm's share had reached as high as 68.1%. As of the time of writing, the current voting participation in the Ethereum network's Epoch (411,712) is nearly 99%, with sync participation at 97%, indicating that the network has recovered.Current data from MigaLabs shows that Lighthouse still accounts for 52.55% of consensus nodes, with Prysm in second place at 18%. Ethereum educator Anthony Sassano stated that if Lighthouse encountered this bug, the network would lose finality.

According to The Block, Uniswap's "UNIfication" governance proposal has received support of over 63,000,000 UNI tokens in the preliminary Snapshot vote, with almost no opposition. The proposal aims to unify Uniswap Labs and the Uniswap Foundation under a coordinated governance framework while activating a protocol-level fee mechanism.Currently, a $15,500,000 Cantina bug bounty program has been launched, covering the new fee switch smart contract in preparation for a full on-chain vote expected next week.

Uniswap launches a new bug bounty program on Cantina with a maximum reward of $15.5 million, aimed at encouraging researchers to find and report security vulnerabilities in the Uniswap protocol, Uniswap web interface, backend services, mobile and extension wallets, and infrastructure. The program offers rewards categorized by the severity of the vulnerabilities, including critical, high, medium, and low levels, with corresponding maximum rewards of $15.5 million, $1 million, $100,000, and $50,000, respectively.

ChainCatcher news, according to official sources, Coinbase has announced a partnership with the Cantina platform to launch a $5 million bug bounty program focused on the security of its on-chain products and Base smart contracts. This is one of the largest Web3 security programs to date, aimed at setting a new benchmark for security standards for global Web3 organizations.The program operates through the Cantina platform, where all submitted vulnerabilities will be assessed by Web3 security experts, and rewards will be graded based on the reproducibility and technical impact of the vulnerabilities. Security researchers can now participate in the program to validate critical infrastructure through a structured process.

ChainCatcher message, Binance Alpha has now launched BUGSCOIN (BGSC).Eligible users can claim an airdrop of 7,360 BGSC tokens using Binance Alpha points on the Alpha event page within 24 hours after the trading starts.The Binance Alpha airdrop will be conducted in two phases:Phase One (first 18 hours): Users with at least 210 Binance Alpha points can claim the airdrop.Phase Two (last 6 hours): Users with at least 170 Binance Alpha points can participate in the second phase airdrop, on a first-come, first-served basis, until the airdrop pool is exhausted or the airdrop event ends.Please note that claiming the airdrop will consume 15 Binance Alpha points. Users must confirm their claim on the Alpha event page within 24 hours, otherwise it will be considered a forfeiture of the claim.

ChainCatcher news, according to official sources, 1inch has announced the launch of five bug bounty programs to encourage the community to responsibly disclose vulnerabilities, primarily targeting the 1inch smart contracts ($500,000 reward), 1inch wallet ($100,000 reward), 1inch developer portal ($100,000 reward), dApp ($50,000 reward), and infrastructure ($20,000 reward).

ChainCatcher news, Simon Gerovich, CEO of the Japanese listed company Metaplanet, which adopts a Bitcoin treasury strategy, stated on the X platform that volatility is not a bug of Bitcoin, but a signal, an energy, a fuel. Volatility drives the flywheel of Bitcoin, accelerating the accumulation of Bitcoin. Most importantly, the volatility of Bitcoin is attractive to capital.