Exploring Pragma's Security
We're thrilled to (officially) announce our bounty program on Immunefi, offering up to $50,000 for discovering vulnerabilities in our smart contracts. If you're proficient in Cairo and keen on assisting us in securing our Oracle, and the broader DeFi landscape, get started here
This announcement provides us with a great opportunity to reaffirm our commitment to ensuring that the infrastructure we provide for dApps adheres to the highest security standards, both internally and externally. We take pride in leading the way for dApps on Starknet, particularly in terms of security. Our inaugural bounty program marks the initial stride towards fostering an ecosystem of white-hat hackers dedicated to building, reviewing, and identifying bugs in Cairo.
Cairo recently made a significant transition from its first version to a new Rust-based iteration, promising enhanced readability, security, and a superior developer experience. While most developers swiftly migrated between these versions, it's crucial to ensure that the entire security ecosystem follows suit—auditors, solo auditors, tooling, fuzzing, and more.
Pragma proudly supports this transition. We audited our Cairo 0 smart contracts with the audit firm Zellic (report) and the Cairo 1 smart contracts with Nethermind Security (report). We're now initiating a bounty program for solo auditors, offering rewards of up to $50,000.
Furthermore, we maintain a strict internal process to ensure the best continuity with security measures from third-party actors. This process includes all the testing, already available in the contracts repository, constant real-time monitoring of our contracts, and we're anticipating the development of fuzzing tools on Cairo 1 to enhance the level of security. To continue in that direction, we'll open all our monitoring dashboards to increase transparency around the oracle, especially concerning data providers, assets, uptime, and update frequency. Follow us on Twitter for the latest updates.
Security is not a finite state but an ongoing process, and there's still much work ahead of us. We're dedicated to ongoing enhancements in our internal and external processes, persistently challenging existing practices to ensure industry-standard security. If you're interested in contributing to our mission, please feel free to contact us on Twitter.