In September 2021, the Goldfinch Community announced a $500k Bug Bounty Program through Immunefi. This program was always meant to protect the community. We propose that the community authorize Warbler Labs to administer the Bug Bounty program on behalf of the DAO, and to pre-authorize the gov council to spend up to $500k on the program and cover the back pay of $104,250 to Warbler Labs for the bounty payouts already made.
Since launch, we have had 2 critical and 5 high-severity bugs, resulting in a total payment of $104,250 in bug bounty rewards, which have been paid by Warbler Labs. Warbler funds were never meant to cover costs incurred directly by community programs. The security of our system remains our highest priority, and in order to streamline future payments, we propose that the community delegate Warbler Labs to administer the existing Immunefi bug bounty program.
Specification & Requirements:
The community will be notified of all payments ahead of time. Payments do not need to be voted on (i.e., they are assumed to be a “yes”), but if there is substantial disagreement, the council will hold off on making payments. This includes retroactively reimbursing Warbler Labs for $104,250 of payments already made (see transactions below for specific expenses).
Benefits: Uphold the highest levels of security by giving a substantial monetary incentive for good-faith hackers and security researchers to responsibly disclose bugs that could put user funds at risk.
Drawbacks and Risks: None
Yes: Appoint Warbler Labs as community delegate and approve $104,250 in backpay, and up to $395,750 in additional payments (for a total of $500k) to support the bug bounty program.
No appointment or allocation.
Past transactions paying out hackers: