z_33 agree with this. I would also suggest that the reference to aOHMMigration.sol exploit is removed before snapshot as I believe we are resolving the bondprotocol exploit here and don't have sufficient information on the former, it just muddies the water.
OIP-122 Transfer of 250,000 DAI from OHM bagholders to 3 Watermelons Research
z_33 agreed, what you are proposing seems fair
I'm not as eloquent, but I think they should be compensated in Ohm and not in DAI as per other bug bounties terms.
Simple. Pay me now or pay me later!
Transparency for @0xwatermelon's $7m vulnerability claim. Recognition, reward and appreciation is what is in order here.
Big thanks to watermelon for being transparent and acting accordingly.
I am against this proposal as such, however I do agree, we should compensate the efforts.
As it seems clear, this should not be an OHM topic at all, as the contract is the property of Bond Protocol, so any kind of appreciation in the form of money should come from Bond Protocol. We were the customer here, who was tricked due to a lack of attention with a 'basic' problem. I find it hard to convince myself that we should consider adding any budget to this compensation; this is purely a Bond Protocol topic.
Strongly against this proposal for the following reasons:
a) OlympusDAO is not associated in any way with Bond Protocol.
b) In case there is a bounty to be paid (which I'm sure there is), it should come out of the Bond Protocol treasury.
c) The bug found in aOHM should be dealt with separately from this.
gm
first, I would like to thank @0xwatermelon as he (or they) did a nice job, appreciate your effort ser(s)
second, we are not here to argue about if, but how … whitehat(s) definitely need to be rewarded, I'm personally for 150k or 250k but with participation from Bond Protocol, at least 50/50.
I am against the suggested amount but I am for paying the whitehat. I think 100K OHM and 33K DAI would be fair.
I have some questions about the intention of attacker:
If he planned to return the funds from the start:
1-why was the attacker's wallet 0x443cf223e209e5a2c08114a2501d8f0f9ec7d9be anonymized through aztec.network?
2-why did he call Zeus "idiot" publicly?
If he is a whitehat, and if there is something called "3 Watermelons Research", why is he cutting ties on Twitter with .eth https://twitter.com/SpaceWigger/status/1554831916066476041 (this tweet was alive a few days ago)? Because the address was doxxed?
…
I believe he realized someone knows his previous doxxed wallet was in touch with the team and this forced him to return the fund.
I will vote no to this proposal.
I do think Watermelon has done everything right and should be compensated. However, it was Bond Protocol's contract that was exploited, not Olympus'. So the claim should be on Bond Protocol, or at the very least wait until we have clarity from Bond Protocol on how they will compensate Olympus.
A second formality is that treasury funds should not be used for development, research, audits etc. That should come from the Olympus DAO.
Chiming in from Bond Protocol. We do not feel that Olympus governance is the appropriate avenue to resolve a bug bounty with @0xwatermelon. If the expectation is that Bond Protocol is covering the bounty, then the amount should not be decided by external parties. We are pursuing alternative means to compensate the hacker, but we don't have enough clarity to post details publicly.
We are glad that Olympus supports good faith behavior for returning lost funds, but we also think we should be allowed to respond on our own terms. Therefore, we recommend voting NO on OIP-122 pending an update from Bond Protocol.