[GIP-26] Bug Bounty Boost/Increase

Note: This is effectively an extension of GIP-16 on the boost aspect of the bounty: [GIP-16] Bug Bounty Upgrade and 08.2022 Payout

Motivation

With V2 launching, we now have a completely new set of code and, as in the initial days of V1, need to be cautious about security as we roll out the product. This becomes even more vital as the current prediction for V2 TVL is around the $80m mark. The proposal has two key focus points:

  • Limited time boost to get dev attention from 31st October to 31st December
  • Permanently increasing (slightly) the bounty base from 1st January 2023

Proposal

1. Base Increase: With TVL increasing significantly, it's necessary that we dial up security too. As part of this, the proposal focuses on increasing the bounty base as given in the table below, from 1st January 2023. Given the DAO round 2 that has just gone through, the treasury has enough additional funds to increase the bounty levels. In the meantime, the proposal focuses on a limited time boost as below.

2. Limited Time Boost: The goal of this boost is to incentivize whitehats to spend more time on the new V2 code, and part of that effort is to increase the existing bug bounty payout structure. The boost will only be in place for the first 2 months, October 31st to December 31st. This is to promote faster action from the dev community. The values are as stated in option 2.

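| Threat Level | Current Payouts | 1. Permanent Increase | 2. Limited Time Boost |
|--------------|-----------------|-----------------------|-----------------------|
| Critical     | $150,000        | $200,000              | $300,000              |
| High         | $50,000         | $65,000               | $100,000              |
| Medium       | $10,000         | $13,000               | $20,000               |
| Low          | $5,000          | $6,500                | $10,000               |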

Conclusion

Based on the above information, the DAO needs to discuss, give feedback and then vote on how to proceed:

  • Both increase and boost
  • Limited boost only
  • Base Increase only
  • Neither of the two

https://snapshot.org/#/gearbox.eth/proposal/0x24632f75c0ea10336477bb484c47deaacf29c60dc36bcbb3ca33f790b4c70e75