Publication Type
Conference Paper
Version
acceptedVersion
Publication Date
12-2025
Abstract
Decentralized finance (DeFi), powered by blockchain technology, enables peer-to-peer financial transactions without intermediaries. Despite rapid adoption, DeFi attracts malicious actors who exploit its vulnerabilities. To mitigate these risks, we propose a framework for assessing the entry points of the DeFi software supply chain: smart contracts, oracles and third-party feeds, user interfaces, off-chain storage, and crypto wallets. Applying this framework, we evaluate whether industry solutions, particularly bug bounty programs, adequately address these gaps. Our preliminary analysis indicates that most programs cover smart contract vulnerabilities (85.7%), followed by user interface issues (21.3%) and crypto wallet loopholes (11.9%). However, third-party risks, such as oracle feeds, are frequently deemed out of scope. This study provides insights into the role of bug bounty programs in strengthening DeFi software supply chain security.
Discipline
Software Engineering
Research Areas
Information Systems and Management
Areas of Excellence
Digital transformation
Publication
35th Annual Workshop on Information Technologies and Systems (WITS 2025), Nashville, Tennessee, USA, December 17-19
Publisher
Palgrave Macmillan
City or Country
Nashville, TN
Citation
KE, Ping Fan; LAU, Yi Meng; and JIANG, Lingxiao.
Evaluating DeFi vulnerabilities: The role of bug bounty programs on DeFi software supply chain. (2025). 35th Annual Workshop on Information Technologies and Systems (WITS 2025), Nashville, Tennessee, USA, December 17-19.
Available at: https://ink.library.smu.edu.sg/sis_research/10632
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.