Enzyme - Bug Bounty Cooperation

Authors

Idle Treasury League

Summary

This proposal aims to refund $25k in $IDLE to Enzyme Finance for the bug bounty paid to the reporter of a potential vulnerability in our partners’ integrations. This proposal represents a sign of cooperation and gratitude for their professionalism and responsiveness in promptly communicating that potential issue.

Rationale

On November 18th, the Enzyme Finance team notified us regarding a potential vulnerability that was affecting their integration with Idle Protocol. As reported in the Medium article, this vulnerability could have put funds of Idle Protocol’s integrators at risk.

Enzyme has an active bug bounty program launched on Immunefi. Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System. All payouts are done by the Enzyme Finance team directly and are denominated in USD. Payouts are done in USDC up to $400,000.

The final reward amount for critical smart contract vulnerabilities is capped at 10% of the funds at risk based on the vulnerability reported. In this case, the issue would have impacted 3 vaults on Enzyme and up to $400k worth of funds.

Due to the quality and professionalism of the report and the potential/scope of the issue as well, they found it inappropriate to pay out less than their “high” tier ($80k). For this reason, Enzyme rewarded the bug hunter with $90k.

Following this payout, Idle Leagues proposes to indemnify Enzyme with 6250 $IDLE ($25k using 20-day average rate).

Specifications

Actions:

  • Send 6250 $IDLE from Ecosystem Fund to Enzyme wallet: 1 action

Next Steps

We are going to leave this thread open for comments regarding this proposal, and in about 48hrs, if there are no objections, we will proceed with the Temperature Check.

9 Likes

Thank you Enzyme DAO for pointing this one!
:grinning:

8 Likes

This is real cooperation between DAOs :raised_hands: :grinning_face_with_smiling_eyes:
I’m in favor of this bounty, thanks to the Enzyme team for the responsive alert :muscle: :shield:

8 Likes

Nice find! Thanks Enzyme! :v:

6 Likes

Let’s move the proposal to the Temperature Check phase!

:arrow_right: Poll for $IDLE holders: HERE
:arrow_right: Poll for $IDLE Stakers (stkIDLE holders): HERE

:alarm_clock: Polls will close on 2021-11-29T19:00:00Z .

The final $IDLE voting weights will be calculated using the approved calculator .

Cast your vote :writing_hand:

5 Likes

Poll succeeded! :white_check_mark:

With all voters in favor, Governance approved the transfer of 6250 $IDLE to Enzyme :muscle:

7 Likes

Hi all, This is Mona from Enzyme Council. On behalf of us all, thanks for all your support guys! We appreciate you chipping in and look forward to more cooperation between our DAOs in the future.

Here is the Enzyme DAO address. 0xfECA27229A3801b34591582B66C46c82a9bC9994

Thanks again

8 Likes

Great to see you stop by Mona.

Let’s us know if you have further ideas for initiatives to foster DAO2DAO integration.

How to you feel about Treasury diversification and metagovernance?

How can the 2 communities work together more, to foster education and boost awareness of both projects?

5 Likes