Omni’s Bug Bounty Program is Live on Immunefi
The Omni Foundation is offering a $500,000 bug bounty to incentivize developers and ethical hackers to uncover protocol vulnerabilities. To support this initiative, Omni is collaborating with Immunefi, crypto’s leading bug bounty platform. Omni’s project page on the Immunefi platform can be found here.
What is Immunefi?
Immunefi is the leading bug bounty platform in Web3, connecting white hat hackers and security analysts with blockchain projects to identify and resolve vulnerabilities. By detecting potential threats, these ethical hackers earn substantial rewards while helping enhance the security of participating projects. With its groundbreaking approach to blockchain-related bug bounties and a team of top-tier security experts, Immunefi has set the standard for safeguarding the Web3 ecosystem.
Over the years, Immunefi has saved over $25 billion of users’ funds from being stolen or misused. In the process, ethical hackers have earned over $110 million in bounties. At present, the platform has bug bounties worth $182 million available.
Immunefi offers significant opportunities for both ethical hackers and project owners. Hackers can participate in bounty programs suited to their expertise, analyze code, report vulnerabilities, and earn rewards. At the same time, projects can strengthen their security with the expertise available through Immunefi. This trusted platform has attracted several industry leaders, including Chainlink, Sky, Optimism, and LayerZero, who have collaborated with Immunefi to safeguard their ecosystems.
Omni’s $500,000 Bug Bounty Program Overview
With Omni, our goal is to make Ethereum’s rollup ecosystem feel like a single chain for users and developers alike. Omni’s V1 release, which is in scope for this competition, consists of two primary building blocks: xchain messaging and the Omni EVM. These building blocks are supported by three components that make up Omni’s core network architecture:
- Smart contracts on supported chains
- Cosmos SDK client (Halo), which acts as our consensus client for xchain messaging and for the EVM
- Vanilla geth as the EVM execution client
Participants can earn a maximum reward of $500,000 paid out in USDC on Ethereum L1. Submissions will be categorized based on their severity and will be eligible for the following bounty ranges:
- Critical: $25,000 — $500,000
- High: $5,000 — $25,000
- Medium: $1,000 — $5,000
- Low: $1,000
A full breakdown of competition details and assets in scope can be found here on Omni’s project page on the Immunefi platform.
Vulnerability Submission
To submit a vulnerability, participants will use the Immunefi platform. Omni adheres to the Primacy of Impact for all submissions. Primacy of Impact means that the impact is prioritized rather than a specific asset. This encourages security researchers to report on all bugs with an in-scope impact, even if the affected assets are not in scope. For more information, please see Best Practices: Primacy of Impact. When submitting a report on Immunefi’s dashboard, the security researcher should select the Primacy of Impact asset placeholder.
Submissions will require a Proof of Concept (PoC) that demonstrates the bug’s impact. The PoC must comply with Immunefi’s PoC Guidelines and Rules. Submissions will also require KYC with the Immunefi platform. Finally, submitted bugs will be triaged by Immunefi.
Learn more about how to participate in the bug bounty at bugs.immunefi.com.
Towards a Secure Future
At Omni, we prioritize safety above all else. To that end, Omni has been successfully audited by leading blockchain auditors such as Spearbit (1, 2), Sigma Prime (1, 2), and Zellic (1). Additionally, the Omni Foundation paid out $1,000,000 in bounty rewards during the Spearbit Cantina competition.
By working with Immunefi, Omni now offers an ongoing bounty program, empowering researchers to identify and report potential vulnerabilities in our protocol. We’re thrilled to collaborate with our community to ensure Omni remains the most secure and reliable abstraction layer for the onchain economy.