ChainCatcher news, Compound DAO previously initiated the "Comet Vulnerability Disclosure (Fixed) Bounty Program Reward" proposal to reward a blockchain developer who reported and fixed the vulnerability, but the final voting result fell short by 15,000 votes (not reaching the necessary 400,000 statutory support votes). Over 70% of the votes supported this proposal.It is reported that the pseudonymous developer "KP" discovered a vulnerability in the Compound COMP -1.33% v3 protocol (also known as Comet). According to KP's estimation, this vulnerability would allow hackers to directly steal user funds, but it would be fundamentally unprofitable (stealing $1 million in funds would cost the attacker billions of dollars in gas fees).After discovering and verifying the vulnerability, KP reported it to Compound and its security partner OpenZeppelin, providing a code repository that included a proof-of-concept simulation of the attack. After the vulnerability was patched, KP proposed to the Compound DAO for a reward of $125,000. This proposal received support from Kevin Cheng, the head of the Compound Labs protocol, and Michael Lewellen, the head of solutions architecture at OpenZeppelin.

ChainCatcher news, friend.tech has launched a bug bounty program, covering the contracts deployed on Base, applications hosted on the friend.tech website, and other vulnerabilities that may threaten user funds, with rewards of up to 1 million USDC.

ChainCatcher news, dYdX announced the launch of the dYdX Chain bug bounty program, which will offer a bounty of up to 1 million USDC to users who find vulnerabilities in the v4 contracts, with the specific amount awarded based on the severity of the vulnerability.The bounty scope applies to all code found in the v4 chain repository's protocol and indexer folders, as well as all code in the web and client repositories.