Proposal: Establish and Fund a Bug-Bounty Program for Celo on Immunefi

Proposal: Establish and Fund a Bug-Bounty Program for Celo on Immunefi.

Summary: Create a bug-bounty program on Immunefi and allocate 1,000,000 CELO from community governance funds.

Purpose: To incentivize community members and professional white hat hackers to uncover and fix any bugs that may exist within the Celo Protocol.

For comparison, here is a list of other major blockchains and web3 services currently using Immunefi:

  • Wormhole ($10,000,000* US in rewards)
  • MakerDAO ($10,000,000* US in rewards)
  • Polygon ($2,100,000* US in rewards)
  • Optimism ($2,000,000* US in rewards)
  • Algorand ($2,000,000* US in rewards)
  • Gnosis ($2,000,000* US in rewards)
  • Arbitrum ($2,000,000* US in rewards)

*Data from January 9, 2023


Proposed Multi-Signatories:

5 out of 7 of the multi-signatories must approve transactions and they are collectively responsible for verifying that a solution to a particular bug is functioning properly before the bounty hunter is compensated:

**Indicates that the individual is a person of interest and has not yet committed OR that it is an open slot:

  • Ryon – Celo Foundation, Security
  • Dave – Celo Foundation, Security
  • Ben - cLabs, Security
  • Connor (vissequ)- Community Moderator
  • **A Member of the Valora Team
  • **(Bogdan) - Mento
  • **(DiWu) - Community Member & Validator

Hardware wallets will be required for each individual signatory.


Additional Resources:

Point of Contact:

Please feel free to reach out on Discord with any questions:
vissequ | Celo#9060


Thank you for reading. What are your thoughts on this proposal?

  • I support this proposal
  • I do not support this proposal
  • I would support this proposal if some minor changes were made

0 voters

4 Likes

I think this is a brilliant idea, especially with the current landscape of exploitation. Since the amount would only be paid out in the event of an actual exploit with verified P.O.C., we can be fairly confident this would help get more exposure towards the security of our platform, without hemorrhaging the existing funds.

With the network halting a few months back, this fund would be able to give users more assurance that we are cognizant of the potential of blockchain issues-- increasing trust in the ecosystem.

3 Likes

Great proposal, I can only be in favor of this :slight_smile:

3 Likes

Super nice proposal, it would attract good developers!