Increase bug bounty bounds and make bounties more discreet
Increase bug bounty program
Lido’s a very mission-critical project and is a very lucrative target. The realities of the bug bounty market for DeFi these days also set the bar for critical vulnerabilities bounties quite high. It’s time to increase Lido’s bug bounty to a reasonably big level.
I propose granting LEGO the power to select critical targets and vulnerability types and raise a bounty for them up to $2m depending on potential impact.
Make bug bounty payment more discrete
One more change is needed to be done for LEGO processes: currently, all payments of boulder and larger size need to be posted on research.lido.fi with details; that is not a great process when it’s a payment for a (yet or ever) unmitigated vulnerability in smart contracts.
I propose an amendment to LEGO rules that would allow bug bounty payments to go before specifying the exact reason of payment, at the condition that the reason will be disclosed within 90 days.
More details and discussion available at https://research.lido.fi/t/expand-and-increase-bug-bounty-program/957
| Voter | Cast Power | Vote & Rationale |
|---|---|---|
 0xE017...184e63 | 20M | Yay |
 0xb842...F182B0 | 17.718M | Yay |
 0x9171...2e428E | 15M | Yay |
 0x22aA...E91D69 | 7.5M | Yay |
 0x10F5...D2d2fE | 5.014M | Yay |
VOTE POWER
Proposal Status
- Wed August 25 2021, 09:00 amVoting Period Starts
- Wed September 01 2021, 09:00 amEnd Voting Period
Current Results
1-Yay
70.791M