CIP-11: Bug Bounty Program

Summary

Fund a bug bounty program with rewards up to USD 1,000,000 for critical issues, using Immunefi with USD 50,000 minimum and 10% cap of economic damage.

As example if the hack damage is USD 800,000, Cryptex will only pay 10% capped at USD 80,000 instead of USD 1,000,000 as rewards.

Background

As you might know Cryptex DAO values a lot security for their users, we audit our code before launching and test our products on testnet for a period before deploying into Mainnet. We want to increase the assurance for Cryptex users by funding a Bug bounty program using Immunefi.

Bug bounty programs are open invitations to security researchers to discover and disclose potential vulnerabilities in projects’ smart contracts and applications, thereby protecting projects and their users. For their good work, security researchers receive a reward based on the severity of the vulnerability, as determined by the project affected.

Why have a bug bounty program at all? In 2020 alone, hacks and scams cost the Web3 community over $238m, and bug bounties can prevent those hacks from happening. Bug bounty programs surface vulnerabilities so they can be fixed before they get exploited in malicious hacks that destroy projects and ruin reputations.

About Immunefi

Immunefi launched on December 9, 2020, as a bug bounty platform focused on Web3 and smart contract security. We provide bug bounty hosting, consultation, bug triaging, and program management services to blockchain and smart contract projects.

Website: https://immunefi.com/

This proposal vote will be in snapshot. Vote with your CTX here:

https://snapshot.org/#/cryptexdao.eth/proposal/QmQvfcsYR6EMmZ44STFBRbhKfEvv6ny4fXhJLd7fhjrUPU

6 Likes