Summary
Proposal to release a total of $15’000 as payouts for different Aave <> Immunefi bounties, together with $1’000 as fee to the Immunefi platform; amounting a grand total of $16’000.
Motivation
As disclosed in this post, we think it is appropriate to split bug bounty payouts from disclosure and fix stages, for Low, Medium and High reports.
The objectives are not creating unnecessary interdependencies, and keep a healthy and frequent payment schedule for white-hats participating securing Aave.
This proposal will cover the outstanding bounties of the previous severities, pending to be paid until today 24th January 2024.
Specification
This proposal, following an approach similar to Direct-to-AIP, will go directly on-chain and will release the following funds to white-hat addresses and the Immunefi platform:
-
$5’000 to
0x8689e84af34A18Bc461928aa554a71C649beED89
. -
$10’000 to
0xD122c282499Cb6A76197db2D6ba5170D81C4895f
-
$1’000 to
0x2BC5fFc5De1a83a9e4cDDfA138bAEd516D70414b
(immunefi.eth). This is the fee corresponding to the 10% of the previous bounty only, as the extra 500$ for the first one have already been paid in the round of December 2023.
Next steps
After 1 day in this forum, we will create the AIP on-chain, prior confirming with contributors on the financial side of the DAO (@karpatkey_TokenLogic) about the payment currencies.
Additionally, we will request representatives of Immunefi to confirm in this thread that the requested payouts effectively correspond with outstanding resolutions in the platform.