The Sandbox to Boost Security with a Bug Bounty Program

With the recent string of exploits and hacking attacks on new, innovative projects and protocols, the crypto industry has once again taken steps to increase security. Of course, that means that each project has to make a move on its own to secure its code, users’ money, private information, and more. The latest one to do so was The Sandbox — a popular metaverse project that allows users to create and monetize their own games, while simultaneously offering players to earn while playing them.

A new bug bounty program offers massive rewards for critical flaws

Yesterday, July 5th, The Sandbox posted a Twitter announcement noting that it wishes to make its metaverse safe and secure for everyone. However, in order to do that, it needs assistance from professional developers and white hat hackers. The project, therefore, announced the launch of its Bug Bounty Progam, noting that it aims to reward those who discover unknown bugs in the project’s ecosystem.

The project went into greater detail in its Medium announcement. According to the post, the program has already launched yesterday, July 5th, and participants can report bugs and receive rewards using the Immunefi platform. As is the usual practice, the rewards will depend on the severity of the reported flaw, and they will be paid in SAND tokens.

The bugs whose severity is deemed low will bring $1,000 in SAND, medium ones will be rewarded with $2,000, high severity bugs with up to $20,000, and critical bugs can bring rewards up to $200,000. The height of the rewards shows that The Sandbox is rather serious about the program, and willing to pay quite large amounts in order to avoid suffering exploits.

Details about the program

In the same post, the project noted that having safe and secure tokens is of utmost importance, but the project is too complex for a single team to be able to find all potential flaws contained within. And, despite the fact that The Sandbox invested a lot of time and money into audits and security checks, it has decided to double its efforts. It has already started two separate audits run by third parties in order to check The Sandbox’s smart contracts before they go live. However, the project also decided to involve the community and use the talents of exceptional individuals in order to strengthen its ecosystem and network.

One thing to note is that all bug reports must come with a PoC, with an end-effect impacting an asset-in-scope in order for it to be considered for a reward. Furthermore, participants will have to complete KYC in order to claim rewards, which are, once again, paid entirely in SAND tokens.

Any bug or bugs that get reported, but were previously revealed in audits or specified in the Immunefi bounty page, will not be rewarded for their rediscovery. Also, if two or more individuals or teams report the same bug, only the first report will be rewarded. Once the bug is submitted, the project’s team will investigate it and try to replicate it. If the bug ends up being unknown, the team will issue a reward, provided that the individual who reported it meets the mentioned criteria.

To learn more visit our Investing in The Sandbox guide.