YAM Bug Bounty Program
In addition to the completed and potential future audits, we would like to set up a community bug bounty forum to get more eyes on the code and increase security.
While audits offer a base level of confidence in a protocol, history has shown time and again that they are by no means a guarantee of security, and the additional scrutiny of community members can uncover missed vulnerabilities. We propose to use Gitcoin Grant audit and potentially treasury funds to sponsor a bug bounty program for the YAM protocol. Rewards will be tiered based on the severity of the issue disclosed.
Make Yam more secure.
Rewards will be based on the CVSS (Common Vulnerability Scoring Standard) but ultimately subject to tokenholder vote. In the event of a vulnerability disclosure, an emergency proposal will be sent immediately for on-chain governance execution, skipping the typical forum and off-chain steps in the process in order to expedite the fix. Such a proposal would include both the fix and the reward to the discoverer of the vulnerability.
Funding of the bug bounty will first come from the Gitcoin Grants audit fund, though once this has been depleted, future funding will be sourced from the treasury.
Rewards will be scaled according to the severity of the bug.
Critical - Max Reward
High - 50% of Max Reward
Medium - 20% of Max Reward
Low - 5% of Max Reward
Poll to Measure Sentiment
What should the Max Reward for the bug bounty be?