WeFuzz secures seed funding to bring decentralized auditing and bug bounty platform to Web3
Crowdsourced security audit and bug bounty platform WeFuzz today announced funding from Druid Ventures to advance its fully decentralized, blockchain agnostic, non-custodial protocol. The company’s novel approach seeks to improve and scale today’s smart contract auditing procedures that leverage and reward the auditor and hacker communities. Please join us on Discord and become the early birds.
The decentralized WeFuzz platform has many advantages, such as higher user security, service availability, and lower costs. Smart contracts running on the Solana blockchain will perform the whole process of crowdsourcing tasks, including posting audit and bounty campaigns, submitting audit and bug reports, and bounty assignments. Although WeFuzz is starting with Solana, the company will continue focusing on omni-chain efforts to ensure future interoperability.
“There’s a tremendous need for better security and audits for the current and future health of the web3 space. WeFuzz is building a novel and critical approach that has the potential to become an industry standard,” said Chris Pizzo, General Partner at Druid Ventures.
This January, WeFuzz was awarded a generous grant from Coinbase, which helped kickstart the conceptualization and design of the platform, as well as the building of the MVP. Coinbase’s efforts in building the web3 ecosystem with Crypto Community Funds have been, and will continue to be, instrumental in fostering web3 innovation.
Current Challenges in Web3
The traditional crowdsourcing system consists mainly of three roles: requesters, workers (auditors in our case), and a centralized system. Requesters submit tasks to work on through the crowdsourcing system. A set of auditors completes the task and offers solutions to the crowdsourcing system. Requesters then select a proper solution (usually the first or the best one that solves the task) and reward the corresponding worker. Centralized choke points are attack vectors for leaks, hacks, and outages, which makes centralized systems vulnerable. Users’ sensitive information (e.g., name, email address, etc.) and vulnerability reports are stored in the database of these centralized systems, which carries the inherent risk of privacy disclosure and data loss.
Crowdsourcing companies are keen on maximizing their benefits and require requesters to pay for services, increasing the costs to users. Most crowdsourcing systems demand a 10–25% service fee.
All these issues add to the existing concerns of smart contract and multi-chain owners and developers (the audit requesters), freelance auditors, and ethical hackers, some of which include:
- Ensuring their assets are safe from cyber theft, data hacks, or any other risk that can result in a loss of funds and compromised data.
- Being able to get audits done cost-effectively, whether private or public security audits.
- Ensuring the smart contracts are audited by multiple auditors.
- Hackers do not want to share sensitive personal data.
- Hackers, auditors, and developers need complete transparency.
How WeFuzz Works
The WeFuzz platform offers different types of campaigns, two of which are:
- WeFuzz Audit Campaign
- WeFuzz Bounty Campaign
WeFuzz Audit Campaign
Traditional audits usually happen in a 1:1 fashion, i.e., only one audit company is engaged in an audit with an organization. But being audited by only a single firm may not be enough to assure the organization that its assets or smart contracts are secure. However, getting audited by multiple firms is too expensive.
In a WeFuzz Audit Campaign, the audits are crowdsourced and result-oriented. An organization starts a WeFuzz audit campaign, and the hacker crowd participates in them by auditing and submitting vulnerabilities. The organization only pays per vulnerability, saving a ton of money, and they can be sure that multiple brilliant hacker eyes have audited their contracts.
WeFuzz Bounty Campaign
In a WeFuzz Bounty Campaign, crowdsourced hackers are continuously incentivized to test for and find bugs or vulnerabilities. A WeFuzz Bounty Campaign can be private or public. Unlike audits, these campaigns offer continuous testing for vulnerabilities.
After researching the optimal chain for our project, we have decided to move ahead with the Solana blockchain, which offers security and low costs and has the fastest-growing ecosystem.
We have attended conferences like ETH Devconnect to discuss the future of blockchain and security with developers, builders, and security researchers. These interactions helped us restructure and redesign the roadmap and architecture of WeFuzz.
Sample screens from MVP
We anticipate delivering the following milestones in the foreseeable future:
- Onboarding auditors and audit requesters from November 2022.
- Launching the product on Solana Devnet in Q4 2022.
- Hiring smart contract developers and DApp developers for Solana to scale up the development process.
We are currently hiring Solana Smart Contract Developers, marketers, and sales. You can reach out to us at firstname.lastname@example.org or on Twitter:
WeFuzz : https://twitter.com/wefuzz_io
Ranjeet : https://twitter.com/sengar23