Enzyme - Bug Bounty Cooperation

Davide · November 24, 2021, 9:34am

Authors

Idle Treasury League

Summary

This proposal aims to refund $25k in $IDLE to Enzyme Finance for the bug bounty paid to the reporter of a potential vulnerability in our partners’ integrations. This proposal represents a sign of cooperation and gratitude for their professionalism and responsiveness in promptly communicating that potential issue.

Rationale

On November 18th, the Enzyme Finance team notified us regarding a potential vulnerability that was affecting their integration with Idle Protocol. As reported in the Medium article, this vulnerability could have put funds of Idle Protocol’s integrators at risk.

Enzyme has an active bug bounty program launched on Immunefi. Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System. All payouts are done by the Enzyme Finance team directly and are denominated in USD. Payouts are done in USDC up to $400,000.

The final reward amount for critical smart contract vulnerabilities is capped at 10% of the funds at risk based on the vulnerability reported. In this case, the issue would have impacted 3 vaults on Enzyme and up to $400k worth of funds.

Due to the quality and professionalism of the report and the potential/scope of the issue as well, they found it inappropriate to pay out less than their “high” tier ($80k). For this reason, Enzyme rewarded the bug hunter with $90k.

Following this payout, Idle Leagues proposes to indemnify Enzyme with 6250 $IDLE ($25k using 20-day average rate).

Specifications

Actions:

Send 6250 $IDLE from Ecosystem Fund to Enzyme wallet: 1 action

Next Steps

We are going to leave this thread open for comments regarding this proposal, and in about 48hrs, if there are no objections, we will proceed with the Temperature Check.

unicorn · November 25, 2021, 2:27pm

Thank you Enzyme DAO for pointing this one!

emixprime · November 25, 2021, 3:34pm

This is real cooperation between DAOs
I’m in favor of this bounty, thanks to the Enzyme team for the responsive alert

DenisDevcic · November 25, 2021, 6:12pm

Nice find! Thanks Enzyme!

Davide · November 26, 2021, 3:12pm

Let’s move the proposal to the Temperature Check phase!

Poll for $IDLE holders: HERE
Poll for $IDLE Stakers (stkIDLE holders): HERE

Polls will close on 2021-11-29T19:00:00Z .

The final $IDLE voting weights will be calculated using the approved calculator .

Cast your vote

Davide · November 30, 2021, 11:29am

Poll succeeded!

With all voters in favor, Governance approved the transfer of 6250 $IDLE to Enzyme

perhamgirl · November 30, 2021, 7:38pm

Hi all, This is Mona from Enzyme Council. On behalf of us all, thanks for all your support guys! We appreciate you chipping in and look forward to more cooperation between our DAOs in the future.

Here is the Enzyme DAO address. 0xfECA27229A3801b34591582B66C46c82a9bC9994

Thanks again

unicorn · December 1, 2021, 9:55pm

Great to see you stop by Mona.

Let’s us know if you have further ideas for initiatives to foster DAO2DAO integration.

How to you feel about Treasury diversification and metagovernance?

How can the 2 communities work together more, to foster education and boost awareness of both projects?

Topic		Replies	Views
Bug Bounty Vault Proposal by Hats Finance 💡 Ideas & Improvements	8	1183	July 8, 2022
Setup formal Bug Bounty program 💡 Ideas & Improvements	16	1258	March 17, 2021
Armor and Idle Finance 💡 Ideas & Improvements	9	1170	May 7, 2021
Coverage Section and LPs Rewards 💡 Ideas & Improvements	5	762	February 10, 2021
Guidelines for an Idle protocol insurance 📑 Formal Proposals	13	1503	June 9, 2021