Summary
Proposal to release a total of $21’000 as payouts for different Aave <> Immunefi bounties, together with $2’600 as fee to the Immunefi platform; amounting a grand total of $23’600.
Motivation
As disclosed in this post, we think it is appropriate to split bug bounty payouts from disclosure and fix stages, for Low, Medium and High reports.
The objectives are not creating unnecessary interdependencies, and keep a healthy and frequent payment schedule for white-hats participating securing Aave.
Specification
This proposal, following an approach similar to Direct-to-AIP, will go directly on-chain and will release the following funds to white-hat addresses and the Immunefi platform:
-
$1’000 to
0x2af2144429a7eAe5fB3999B2059f246ffab6c90A
-
$10’000 to
0xEb8b275F05423566C95AbCCdD92d860B758cF08a
-
$10’000 to
0x6248e2481c3d80c05f49a185d9baee515f0e7f2c
-
$2’600 to
0x2BC5fFc5De1a83a9e4cDDfA138bAEd516D70414b
(immunefi.eth). This amount is slightly above the expected $2’100 (10% of bounties), because an extra pending bounty of $5’000 will be paid in January, while the Immunefi component should be included now.
The specific payment currency will be confirmed with contributors to the financial area of the DAO, like @karpatkey_TokenLogic.
Next steps
After 1 day in this forum, we will create the AIP on-chain, prior confirming with contributors on the financial side of the DAO about the payment currencies.
Additionally, we have requested representatives of Immunefi to confirm in this thread to confirm that the requested payouts effectively correspond with outstanding resolutions in the platform.