Summary
Switch the current bug bounty program from V1 over to the new V2 Version of Spool.
Proposal
As the switch from V1 to V2 of Spool is just around the corner adjacent infrastructure and programs have to migrate with it.
Currently, the Spool bug bounty program is still running for V1. Congruent with the protocol switch to V2, the bug bounty program must also be transitioned to incentivise the correct bug-checking behaviour.
The current Spool bug bounty program is focused on our smart contracts and on preventing:
- Loss of user funds
- Loss of treasury funds
- Unable to call smart contract
- Permanent freezing of the funds
- Theft of principal funds
- Theft of unclaimed yield funds
It will continue to function in the very same manner but for the V2 code base of Spool. Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.1. This is a simplified 5-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported.
Rewards by threat level:
Critical 50 000 to 1 500 000 USD
High 20 000 to 50 000 USD
Medium USD 5 000
Low USD 1 000
You can find more details on the allocation at Spool Bug Bounties | Immunefi
Motivation
With all we do at Spool we thrive for high quality. Without saying, this goes for our underlying smart contract structure and overall code base. But, we all are humans as well, and even more professional eyes are better than less.
Therefore, a bug bounty program for identifying risks before they arise is one reasonable approach to keeping the code quality at the maximum.
Vote
With βYesβ you vote to migrate the current bug bounty program for V1 of Spool over to V2, with βNoβ you vote against making this transition.
_________________________
The vote takes place here
_________________________
Timeline
2023-08-15T22:00:00Zβ2023-08-20T17:00:00Z