Axie Infinity maker floats bug bounty program after $600 million Ronin hack

Sky Mavis, the studio behind the popular Axie Infinity game, has floated a bug bounty to unearth security vulnerabilities in its ecosystem following the theft of over $600 million from its Ronin network.

Announced on Tuesday, the bug bounty covers two categories covering both smart contracts and web-related issues. Rewards for vulnerabilities with the ecosystem’s blockchain and smart contract infrastructure will range from $1,000 to $1,000,000 depending on the severity.

Some of the prioritized smart contract vulnerabilities listed by Sky Mavis include re-entrancy, oracle manipulation, and signature malleability, among others. Other bugs the team wants white hat hackers to look into include authentication errors, flash loan attacks, and susceptibility to front running.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Bugs in the web or app interface will see rewards between $50 to $15,000, also depending on the severity. The Sky Mavis team said it may also award additional bonuses for exceptional bug reports.

The blockchain gaming studio will pay bug bounties in its AXS token. Fatal bounties that command a $1 million reward will include a vesting requirement with a six-month tenure. This means that recipients will only be able to liquidate a specified portion of the funds per month.

Sky Mavis’ bug bounty announcement is the latest step taken since the Ronin hack. In March, an attacker was able to drain $600 million from the Ronin bridge.

Other actions taken since the hack include replacing the validators compromised in the attack. Sky Mavis has also raised $150 million as part of the restitution for users affected by the incident.

About Author

Osato is a news reporter at The Block as part of the crypto ecosystems team that focuses on DAO governance, staking, blockchain layers, and DeFi. He was previously a news reporter at Cointelegraph. Based in Lagos, Nigeria, he enjoys crosswords, poker, and attempting to beat his Scrabble high score. Follow him on Twitter at @OsatoNomayo.