Summary: Create a two-tier bug bounty and reward system, including a "Proof of Whitehat" NFT reward and a cash bonus. Fund the cash bonus at least partly through the use of treasury yield strategies, with remaining funds as needed coming from DAO funds.
Motivation: OHM needs to be secure and safe, and the best way to do that is to incentivize white hats to regularly search for bugs and potential exploits by offering them cold hard cash when they find one. We are a community based around cooperation. For 3,3 to be a lasting state of affairs, and to keep the mutual trust that requires, every ohmie must know that they are staking their money in a safe and regularly stress-tested protocol.
Proposal:
The Tiers and Bounties:
- Tier 1: For bugs/exploits which would lead to a loss of bond funds, a flat reward of $333,333.
- Tier 2: For bugs/exploits which would lead to a loss of treasury funds, a flat reward of $3,333,333.
The "Proof of Whitehat" NFTs:
OHM will commission an NFT design to be minted on an as-needed basis which will serve as proof that the address they are awarded to successfully identified either a tier-1 or tier-2 bug/exploit. These NFTs will recognize that address as a "Hero of Olympus" who is competent enough to serve as a white hat and can be trusted to act in good faith when properly incentivized. In essence, these NFTs will serve as a letter of recommendation from all of Olympus DAO to the White Hats who help us identify and prevent bugs/exploits.
Source of Funds for Bug Bounty:
If approved, this proposal will allocate 10% of treasury yield strategies to a 'Bug Bounty Fund', set aside specifically to reward Heroes of Olympus (white hats) for their work helping keep OHM safe and secure. In the event additional funds are needed outside of what the Bug Bounty Fund can provide, funds will be allocated as needed out of general DAO funds.
Additional Details:
Any details which are not explicitly outlined in this post, but which must be decided upon in order to execute the Bug Bounty program (including but not limited to: what token/tokens the bounty is paid in, who is commissioned to create the NFT, etc.) shall be decided by Strategos.
Polling Period
The polling process begins now and will end at 12:58 UTC on August 5th, 2021. After this, a Scattershot vote will be put up at 12:58 UTC on August 7th, 2021.
Poll:
If the measure is approved, the vote will proceed to Scattershot. If the measure is not approved, the vote will not proceed to Scattershot.
References: https://forum.olympusdao.finance/d/68-we-should-start-a-bug-bounty-program