Summary
This proposal is designed to add a third tier of bugs to the Bug Bounty program outlined in OIP-17, OIP-34, and OIP-38. This new tier will cover “bugs/exploits which could lead to an incorrect rebase amount” and will provide a flat fee reward of $33,333 per vulnerability/exploit. This OIP also will retroactively award 1 bug bounty of this size to a submission previously received through ImmuneFi which would have qualified under this tier, should it pass review by engineering.
Motivation
After we launched the bug bounty with ImmuneFi, we received a bug which, in extreme cases, could lead to incorrect rebase amounts. This bug does not qualify under Tiers 1 or 2 of the Bug Bounty as currently specified. However, Bug Bounty Management unanimously agrees the efforts of the whitehats who brought this to our attention should be rewarded, and we should encourage people to bring forward more bugs of this nature.
Accordingly, I believe it is in Olympus’ best interest to add the additional “bug type” to the Bug Bounty program created through OIP-17, and to provide a bounty of $33,333 and a Proof of Whitehat NFT to the aforementioned whitehats should their bug submission pass review with engineering.
Proposal
Change the text of the Olympus Bug Bounty from:
Critical vulnerabilities are further subcategorized into two tiers:
Tier 1: For bugs/exploits which would lead to a loss of bond funds or a loss of user funds, a flat reward of USD 333 333 is provided.
Tier 2: For bugs/exploits which would lead to a loss of treasury funds, a flat reward of USD 3 333 333 is provided.
To
Critical vulnerabilities are further subcategorized into three tiers:
Tier 1: For bugs/exploits which would lead to a loss of bond funds or a loss of user funds, a flat reward of USD 333 333 is provided.
Tier 2: For bugs/exploits which would lead to a loss of treasury funds, a flat reward of USD 3 333 333 is provided.
Tier 3: For bugs/exploits which would lead to an incorrect rebase amount, a flat reward of USD 33 333 is provided.
Additionally, this OIP authorizes the retroactive awarding of one Tier 3 Bounty and one Proof of Whitehat NFT to one whitehat team which had previously submitted a bounty which would have qualified under Tier 3 (the details of which will be disclosed once a fix is implemented), if said bug passes review with engineering, which it is currently undergoing.
Polling Period
The polling process begins now and will end at 10:00 UTC on February 3rd 2022. After this, a Scattershot vote will be put up at 10:00 UTC on February 4th 2022.
Poll
For: The text of the Bug Bounty program, on the ImmuneFi website, will be changed as previously specified and one Tier 3 bounty and Proof of Whitehat NFT will be awarded retroactively.
Against: The text of the Bug Bounty program will not be changed.