MDEX launched a contract bug bounty program to protect user assets across chains
BTC2025NB
2021-06-18 16:07
本文约2424字,阅读全文需要约10分钟
The highest reward is 60,000 USDT.

secondary title

1. BSC has gone through "Black May", and the repair of contract loopholes has become a top priority

BSC experienced a dismal "Black May". Public statistics show that in May, BSC suffered a total of more than 11 hacking attacks, involving more than 260 million US dollars. Among them, on May 20, the smart pool project PancakeBunny lost $45 million; on May 23, the index project DeFi100 lost $32 million; on May 28, the DEX protocol JulSwap tokens fell by more than 95% in a short period of time. To sum up the cause of most incidents, the contract loopholes of the projects on the BSC chain gave hackers too many opportunities.

Speaking of security vulnerabilities, Ethereum, the "king of public chains", also suffered from it in its infancy. Among them, the most famous one with the largest loss is: in early November 2017, a major security breach occurred in the Ethereum wallet Parity, resulting in a loss of more than 154 million US dollars.

The reason is that the programming language Solidity of the Ethereum smart contract and the design of the virtual environment EVM where the Ethereum smart contract runs are not yet perfect, and the project party did not put security protection at the first place in the early stage of rapid growth, so it cannot be fully implemented. 100% eliminate the emergence of security holes. Once the smart contract developer is slightly negligent or insufficiently tested, it may be exploited by hackers, which will lead to serious security problems and threaten users' funds.

From this point of view, BSC's "Black May" seems to be repeating the mistakes of Ethereum. Dr. Wu Jiazhi, a blockchain security expert at AmberGroup, said that BSC is equivalent to re-enacting Ethereum, which is based on the solidity programming language and EVM, so it is targeted by hacker teams because of frequent loopholes. LEON, a KOL in the BSC community and the founder of Tuao Lion Brothers, added that BSC was rarely attacked before, so the vigilance of the project was not enough. In addition, the ecology on the chain was quite prosperous under the bull market, which made hackers shift their attention here.

In desperation, the BSC official also publicly stated around May 30 that it might be targeted by an organized hacker team, and took the following measures to protect projects on the chain:

secondary title

2. MDEX, which has been running smoothly for nearly half a year, launched a contract bug bounty program

The bug bounty program, as the name suggests, is a platform that rewards various technical geeks online to find technical loopholes in their products and ensure that the risk is caught before the outbreak. This is also a technical risk control method commonly used by Internet giant platforms, which has the characteristics of strong openness and collective wisdom.

On June 18, MDEX officially announced the "Smart Contract Bug Bounty Program" on its official website. According to the announcement, this plan aims to protect the security of user assets, promote the healthy development of the MDEX ecosystem, and attract more professionals in the field of security research to participate in the construction of the MDEX ecosystem.

It is understood that since its launch on January 6 this year, MDEX, originally based on the Huobi ecological chain HECO, has been running smoothly and has become the leading project in the DEX track. According to Coinmarketcap data, as of 6:00 pm on June 18, MDEX's 24-hour trading volume reached 3.438 billion yuan, with a market share of 12.835%, ranking second overall, second only to Uniswap (V3). In addition, the data of the corresponding BSC version MDEX are 3.060 billion and 11.423% respectively, ranking fifth overall.

In fact, since MDEX announced its full-featured deployment on Binance Smart Chain BSC on April 8, its multi-chain deployment has accelerated. MDEX, which became the first dual-chain mining mechanism DEX, has also attracted much attention in the industry. As early as March this year, MDEX released a plan to implement multi-chain deployment within the year, extending services to mainstream public chains such as Ethereum (Layer 2), OEC, Polkadot, and Near. It is foreseeable that with the maturity of technology and the expansion of ecology, MDEX's multi-chain deployment plan will gradually be implemented. Therefore, MDEX running across chains has higher and higher requirements for the security of smart contracts on each chain, and the "contract bug bounty program" came into being.

It is worth mentioning that all rewards from this program will be issued in the form of MDX tokens.

The scope of application of the plan includes: MDEX's core contract and peripheral contracts. The former is the token contract, pledge mining contract and transaction mining on the HECO and BSC double chains, and the latter is the destruction contract and burning destruction contract on the double chain. Among them, the effective loopholes that can be awarded must meet the following conditions: it has not been reported before, it is non-public, and the loopholes will lead to the possible loss or locking of MDEX assets.

In the reward system, MDEX also spares no expense. The severity of contract vulnerabilities will refer toCVSS Risk RatingScale for assessment, divided into low, medium, high and severe four. Vulnerability discoverers with a severe level can receive an MDEX reward worth US$60,000. In addition, in addition to assessing the severity, MDEX will also set the reward amount based on the impact of the discovered vulnerabilities, as well as the difficulty level of discovering such vulnerabilities. Among them, if the vulnerability report has passed the preliminary review and is valid, the official will reply by email within 15 days. After the reply, the vulnerability level will be determined within 15 days and corresponding rewards will be given.

secondary title

3. In addition to improving security performance, expand the application scenarios of tokens

After analysis, the plan has three highlights:

1. At the right time, it was born when BSC public chain contract loopholes frequently occurred and projects were frequently thundered;

2. The amount is relatively high, and the maximum reward can reach 60,000 USDT;

3. Token rewards, that is, all rewards are issued in the form of MDX tokens.

Objectively speaking, the problem of smart contract loopholes has always been a stumbling block for the entire encryption industry to break the circle. It is related to the security of user assets and the reputation and credibility of various platforms. , Repair the system to prevent accidents from happening. The contract bug bounty program is indeed a good option.

MDEX has cross-chained BSC long before launching this plan, and completed the deployment of the decentralized exchange, which can be regarded as a key step in the interoperability of user assets. Through this plan, contract loopholes will also achieve "cross-chain repair", or it will become a basic security component in the future multi-chain parallel industry structure, which is of great significance to users and developers.

From a longer-term perspective, in the decentralized and highly open encryption world, calling on various technical experts to participate in the repair of technical loopholes through token incentives can not only improve the repair efficiency, but also increase the high-end users' interest in tokens. Recognition and acceptance can expand the application scenarios of tokens to a certain extent and enrich the application ecology.

BTC2025NB
作者文库