Hey all,
I’m on the team that found exploit #3 a while ago. I appreciate/accepted the recommendation but don’t believe $65k should be the full reward considering the magnitude of the exploit. I’ll be asking the DAO for $300k total but I’ve been told by BGD that I can’t give any information on the exploit to the DAO or they’ll instead suggest $0.
I reported the exploit long ago to any major protocol using the asset so it shouldn’t be any problem to disclose it (and probably a good thing at this point so new protocols know not to use the asset), but will not be breaking the rules set by BGD Labs.
Not sure exactly how to proceed since it’s hard to explain why I feel more should be paid out without disclosing the bug, but I feel I need to say something now or the DAO won’t be interested in the future after it’s already paid out.