TDP 27: Immunefi Bug Bounty Program Source

AuthormZeroNine
Discussions-Tohttps://forum.mstable.org/t/tdp-27-immunefi-bug-bounty-program/721
StatusApproved
Created2021-11-25

Simple Summary

It is proposed to participate in Immunefi’s upcoming bug bounty protocol launch, and earmark 100,000 DAI from the Funding subDAO for this opportunity to serve as a bounty while also providing an opportunity to put this capital to use while custodied in the escrow contract.

Abstract

Immunefi has been supporting mStable’s bug bounty program for more than 6 months and is now upgrading their core product offering to include tokenized protocol governance, and a more capital efficient way to use these bounties.

mStable would therefore like to participate in this new bug bounty product offering and allocate 100,000 DAI to be put in escrow and have custodied by Immunefi.

The underlying collateral will then be used to generate yield, and in case of a found vulnerability, be used to reimburse the bug reporter.

Motivation

Immunefi is the leading protocol in DeFi bug bounties and long-established Partner for mStable, protecting over $80b in user funds across protocols like Yearn, Polygon, Sushiswap, Nexus Mutual, Compound, Synthetix, Arbitrum, Pancakeswap, and 170+ more. Immunefi has prevented over $2 billion USD in direct theft to its partners to date, and far more than that in aggregate in economic damages.

Immunefi is building a first-of-its-kind bug bounty protocol to maximise incentives for hackers to disclose critical vulnerabilities to projects.

Today, trust remains a major problem for hackers in DeFi. While some hackers trust Immunefi to secure their interests if they report valid vulnerabilities, others adopt a hack first, return funds later approach to ensure they are compensated according to the value of the vulnerability they discovered.

Immunefi will end this trend by providing unbreakable trust assurances to hackers that they will be compensated for finding vulnerabilities. This will further increase the security of participating projects by increasing incentives to disclose vulnerabilities.

To provide these trust assurances, Immunefi has built an onchain protocol for participating projects to escrow funds, and a council of experts to guarantee that hackers are treated fairly. This council will have the power to disburse funds according to the terms of a projects bug bounty program.

Specification

What Immunefi will require from mStable

  • Agreement to earmark and deposit funds equal to the maximum critical bug bounty ($100,000 in DAI today) in Immunefi’s onchain protocol.
  • No further action is then required; the program will be run and managed according to mStable’s existing program rules, policies, and bug disclosure specifications.

What Immunefi will provide to mStable

  • Immunefi will inform the mStable core team when the protocol is fully ready for launch, and provide deposit instructions to the team. The ETA for this is during Q1 2022.
  • mStable will receive hands-on support from Immunefi team members for launching its onchain integration to ensure smooth onboarding.
  • As a pilot partner, mStable will receive token incentives for being among the first users of its onchain protocol, with specific reward numbers to be shared with the mStable team at a future date.

Copyright and related rights waived via CC0.