"OIP-122: Transfer DAI from Olympus Treasury to 3 Watermelons Research" just went to snapshot. There seems to be almost no opposition that the whitehat "3Watermelons" should be paid the bug bounty of $250k. However OIP-122 is completely silent on where the funds will come from. Given that the existing bug bounty framework suggests bounty payments in OHM from DAO funds that should serve as the immediate precedent, and if its not, the community should at the very least have a say in foregoing the existing framework this one time.
Moreover, the contracts in question are owned, deployed and advertised as Bond Protocol's contract. Bond Protocol is a separate symbiotic protocol that recently raised funds. They should be asked to cover at least 50% of the bounty using those raised funds.
This RFC asks the DAO to put forward a follow-up OIP to OIP122 asking the community both how much of the funds should come from Olympus and where these funds should come from (i.e. from DAO wallet or Treasury?)