Security Practices at Fuel: your funds are safe
Following the release of Fuel Sepolia testnet, we are announcing a $1.3-million crowdsourced security audit program from June 17th to July 22nd in collaboration with Immunefi to identify potential vulnerabilities in Fuel’s code base before mainnet. This step aligns with our ongoing commitment to maintaining rigorous security standards.
At Fuel, security is of paramount importance, and we are constantly fortifying the network with adherence to the best cryptographic security practices, and robust security features such as a trusted node validator set, on-chain detection mechanisms to prevent irreversible loss of funds, Sway’s access control libraries with built-in CEI detection and re-entrancy prevention tooling, and predicate-based multisig wallets that offer threshold security to protect users from a single point of failure.
To date, we have conducted five internal security audits and ran extensive testing with continuous improvements with independent assessments from top auditing firms, including Trail of Bits, Ottersec, ChainSecurity, and Hexens.
The combination of internal testing, independent audits, and the crowdsourced security audit will ensure that Fuel’s infrastructure remains secure and reliable, safeguarding user funds and maintaining trust within our community.
Fuel Attackathon: Largest Ever Web3 Audit Contest
As a natural extension of our ongoing security efforts, we are launching a five-week Attackathon that will run from June 17, 2024, to July 22, 2024, on Immunefi, a leading Web3 security collective. The $1.3M rewards pool, the largest in Web3 history, includes $1M in rewards for the Attackathon and $300,000 for Fuel’s top ecosystem dApps.
The Attackathon is a curated community-led security audit that invites top security researchers to stress test the Fuel code base and its leading ecosystem projects and identify and resolve potential code vulnerabilities. Unlike traditional security audits, the Attackathon includes Immunefi’s time-bound code reviews to surface critical reports in real-time.
To let participants engage directly with the Fuel and Immunefi teams, the Attackathon will feature educational components, such as Blockchain Technology guides and Fuel Education Weeks with live streams, Q&As, and a dedicated Discord channel for personalized support.