Thanks for finding a critical bug. Have a $1.5 million bounty, and our CTO will get a tattoo of anything you like

[mood]

Thanks for finding a critical bug. Have a $1.5 million bounty, and our CTO will get a tattoo of anything you like

 

Congratulations to Alexander Schlindwein.

 

He’s the chap who discovered what has been described as a “critical bug” that reportedly could have “drained the entirety of underwriting funds” for ArmorFi, a “smart insurance aggregator for decentralized finance (DeFi)”.

 

(I just write these words, don’t expect me to understand what ArmorFi actually does.)

 

Schlindwein – who aside from being a vulnerability researcher is also the CTO of Ideal Markets – found a serious bug in AmorFi’s smart contract code, as bug bounty platform ImmuneFi explained:

 

Had the bug been left unchecked, a malicious actor, with just a single dollar of coverage, could have drained all funds from ArmorFi’s underwriting contract. With Immunefi’s bounty system, that bug was eliminated.

More specifically, in the event where a party needed to draw on its insurance policy after suffering some negative event covered by that policy, this exploit would have let the party withdraw 10^18 times the amount of coverage that they purchased.

 

Ouch!

 

What does Schlindwein win for his discovery and responsible disclosure of the bug?

 

Armor cryptocurrency. Specifically a stash currently worth an alleged $1.5 million US dollars.

 

Oh, and AmorFi’s CTO has offered to get a tattoo chosen by the bug hunter as well.

 

 

 

Source: Thanks for finding a critical bug. Have a $1.5 million bounty, and our CTO will get a tattoo of anything you like