Economic Attack Bounties (MEV, Governance) vs Technical Exploit Bounties (Reentrancy, Logic Flaws)

Targets market inefficiencies: Focuses on protocol-level logic flaws like sandwich attacks or governance manipulation. This matters for DeFi protocols (e.g., Uniswap, Aave) and PoS networks where value extraction is subtle and continuous. Bounties incentivize discovery of attacks that drain value without breaking code.

Targets code vulnerabilities: Focuses on smart contract implementation flaws like reentrancy, integer overflows, or access control errors. This matters for any smart contract deployment, especially new protocols (e.g., novel DEXs, lending markets) where the attack surface is in the Solidity/Vyper code itself.

• Mature DeFi Protocols: Systems with high TVL (>$100M) where MEV extraction is a primary risk.
• Governance-Critical DAOs: Protocols like MakerDAO or Compound where proposal manipulation can drain the treasury.
• Post-Audit Phase: To catch complex, emergent economic attacks that static analysis misses.

• New Contract Launches: Auditing novel, unaudited code before mainnet deployment.
• Upgrade Cycles: Testing new features or migrations for classic vulnerabilities.
• Broad Attack Surface: Protocols with many interacting contracts (e.g., yield aggregators, cross-chain bridges) where a single bug can be catastrophic.

Incentivizes discovery of systemic risks: Targets protocol-level vulnerabilities like MEV extraction, governance manipulation (e.g., flash loan attacks), and economic arbitrage. This matters for protocols with high TVL or complex tokenomics (e.g., Aave, Compound, Uniswap).

Subjective and harder to quantify: Economic damage (e.g., $10M in lost MEV) is often contextual and harder to define than a clear code exploit. This leads to disputes over payout size and bounty eligibility, requiring deep economic expertise to judge.

Objective and automatable validation: Targets clear code vulnerabilities like reentrancy, integer overflows, or logic bugs. Findings can be verified with PoC exploits on testnets (e.g., Foundry, Hardhat). This matters for core contract security and is the standard for platforms like Immunefi.

Misses design-level economic flaws: A protocol can be technically sound but economically fragile. This model fails to capture attacks like oracle manipulation on Chainlink or governance attacks that use valid code paths, leaving a critical blind spot.

Focuses on protocol liveness and economic security. Targets attacks like governance takeovers (e.g., Compound, MakerDAO), MEV extraction (sandwich attacks), and oracle manipulation. This matters for DeFi protocols with significant TVL and on-chain governance models.

• Example: Immunefi's $10M bounty for OlympusDAO governance exploits.
• Pro: Catches complex, multi-vector attacks that traditional audits miss.
• Con: Harder to define scope; success is often a 'grey area' of economic design.

Targets code-level vulnerabilities with clear validation. Covers classic flaws like reentrancy (see The DAO, CREAM Finance), integer overflows, and access control bugs. This matters for new smart contract deployments and protocol upgrades before mainnet launch.

• Example: $2M bounty for a critical reentrancy bug in a Layer 2 bridge.
• Pro: Clear scope and payout matrix (e.g., Immunefi's Critical = $1M+).
• Con: May miss systemic, economic risks outside single contract logic.

Attacks distinct skill sets. Economic bounties attract quantitative researchers and DeFi power users who understand market dynamics. Technical bounties attract smart contract auditors and security engineers proficient in Solidity/Yul and tools like Slither, Foundry.

• This allows for depth-first exploration in each domain, increasing coverage.

Economic attacks are often more expensive to simulate and prove. Requiring a forked mainnet state and complex transaction bundling (via Flashbots) increases researcher overhead. Technical exploits can often be proven with a PoC in a testnet environment.

• This can lead to higher minimum bounty sizes for economic attacks to attract talent.

Well-established tooling and classification. Standards like the SWC Registry and tools like MythX provide clear benchmarks for technical vulnerabilities. Platforms like Immunefi and Sherlock have refined payout schedules for technical bugs.

• This reduces ambiguity for both projects and whitehats, speeding up triage.

Attack vectors constantly change with new DeFi primitives. New MEV techniques (e.g., Time Bandit attacks), cross-chain governance exploits, and LST/LRT dynamics create moving targets. Scope definition becomes a continuous challenge.

• Requires ongoing budget allocation and close monitoring of ecosystem developments.