Polymarket Launches Bug Bounty Program On Cantina With Rewards Of Up To $5M

Prediction market platform Polymarket launched a bug bounty program in partnership with the Web3 safety platform Cantina, providing rewards of as much as $5 million. The initiative targets vulnerabilities throughout the platform’s full infrastructure, together with sensible contracts, collateral programs, oracle integrations, and its net software.

The platform, identified for enabling customers to put real-money bets on occasions akin to elections, central financial institution choices, and main sports activities outcomes, has processed billions of {dollars} in buying and selling quantity, significantly through the 2024 United States election cycle. Its contracts function on the Polygon Proof-of-Stake community and incorporate a number of settlement pathways, a number of signature verification strategies, and a system that bridges stablecoins with an inside token.

The program is split into two important areas. The first focuses on trade and settlement infrastructure, which features a set of 18 sensible contracts chargeable for commerce execution, payment dealing with, collateral administration, oracle-based decision, and pockets deployment. It additionally covers integrations with the Gnosis Conditional Tokens framework, although core points inside that framework are excluded. The second space addresses vulnerabilities inside the net platform, together with crucial dangers akin to distant code execution, information breaches, subdomain takeovers involving pockets interplay, and malicious transaction injection.

Incentive Structure And Severity Classification

Rewards are structured by severity. For sensible contract vulnerabilities, crucial findings can obtain between $50,000 and $5 million, whereas high-severity points might earn as much as $500,000. Web-related vulnerabilities provide decrease most payouts, with crucial points reaching as much as $250,000. Severity ranges are decided primarily based on a standardized framework that considers each impression and chance.

Several technical options are anticipated to draw safety researchers. The platform’s newer trade contracts use low-level meeting optimizations for processes akin to hashing and occasion dealing with, which may introduce dangers not usually current in higher-level code. The signature verification system helps a number of validation sorts, every interacting with a nonce mechanism designed to forestall replay assaults, creating potential edge circumstances.

The collateral system provides additional complexity by changing user-deposited stablecoins into an inside token by an upgradeable contract, which then interacts with a conditional token framework to handle positions. Additional adapter layers are used for multi-outcome markets, rising the variety of potential vulnerability factors. Oracle performance is dealt with by UMA’s Optimistic Oracle, with adapter contracts linking oracle outcomes to market settlement additionally included in scope.

In order to qualify for higher-tier rewards, submissions should embody detailed proof-of-concept demonstrations. Smart contract experiences require reproducible assessments on an area Polygon surroundings, whereas net vulnerabilities should embody clear replication steps and supporting proof. All experiences are submitted through Cantina, with immediate disclosure inspired.

The program highlights Polymarket’s complicated structure and important monetary exercise, positioning it as a high-value goal for safety analysis.

The submit Polymarket Launches Bug Bounty Program On Cantina With Rewards Of Up To $5M appeared first on Metaverse Post.