What to know:
- Hyperbridge Protocol launched a $50K bug bounty to review cross-chain security risks.
- Researchers can report spoofing, logic flaws, reentrancy, and state manipulation bugs.
- The bounty follows an April exploit that exposed weaknesses in message verification.
Hyperbridge Protocol has opened a public bug bounty on HackenProof, offering up to $50,000 for critical vulnerabilities. The program invites security researchers to inspect its public codebase after an April exploit exposed weaknesses in its cross-chain gateway and message verification.
As per the report, the HackenProof listing shows the Hyperbridge Protocol program is live and active. It explains that Hyperbridge is a cross-chain communication system that relies on consensus and state proofs rather than the previous cross-chain bridge structure of multisig committees.
Also Read: Bitwise Launches Hyperliquid ETF with Native Staking
Hyperbridge Protocol Bounty Targets Critical Bridge Flaws
The severity determines the reward payments. The range of low severity reports begins at $200, and medium severity ranges from $2,000 to $5,000. Vulnerabilities rated as “high risk” are eligible for $5,000 to $15,000. Critical reports can earn up to $50,000.
It includes the entire Hyperbridge protocol repository. Researchers can report logic flaws, access-control failures, reentrancy, cross-chain message spoofing, state manipulation, and any bug that might impact message integrity or the safety of the funds.
The new review follows an April attack on the Hyperbridge Protocol gateway. An attacker minted about 1 billion fake DOT-equivalent tokens on Ethereum through a forged cross-chain message. With admin access, the attacker was able to steal approximately $237,000 worth of Ether.
The fake token supply impacted the bridged representation of DOT. The earlier report indicated that the native network technically had no effect on Polkadot. The incident also demonstrates the risks of bridges created due to weak verification checks and forged messages.
HackenProof Rules Require Proof-of-Concept Reports
Hyperbridge has placed limits on testing activity. Local forks are the only ones allowed for use in research. The project does not include attacks on live infrastructure, social engineering, third-party exploits, spam, DDoS testing, service disruption, or access to personal data.
The HackenProof page also requires proof-of-concept submissions. Reports that are only theoretical will not be accepted. Researchers must stay within the listed scope and avoid public disclosure unless approval is given.
Hyperbridge Protocol had drawn media attention before the April incident. Enjin Blockchain created Hyperbridge on testnet to facilitate cross-chain stablecoin transfers between Ethereum and BNB Chain, using USDC and USDT stablecoins.
The previous configuration demonstrated the need for bridge security. Users mint tokens on one chain and get a corresponding token on another network. If proof checks fail, one contract issue can spread across a cross-chain system.
The bug bounty program expands the scope of the Hyperbridge Protocol codebase for review. The program provides researchers with a channel to report on the project’s efforts to decrease the incidence of repeat failures and enhance security measures.
Also Read: THORChain Hack Drains $10M+ as RUNE Drops 10%: ZachXBT
Be the first to comment