BGD. Bug bounties proposal


2 replies, 2197 views, 5 likes

governance.aave.com

TL;DR:

The community, led by Bgdlabs, is actively discussing security disclosures and working towards a formal bug bounty program, with interim ad-hoc bounties sized by each bug's severity and likelihood. Several bugs in Aave v3 and a critical bug in the Aave v2 Ethereum AMM pool were discussed; bounty amounts are subjective and aligned with the upcoming Immunefi program.

The community has been actively discussing and evaluating various security disclosures, with Bgdlabs leading the conversation. The focus has been on the development of a formal bug bounty program, with ad-hoc bounties proposed for bug reports in the interim. The evaluation of these bounties is based on the severity and likelihood of the bugs, with the final approval to be given by AAVE holders via Snapshot and an on-chain governance proposal.

Several bugs were discussed, including issues with Aave v3's liquidation logic and risk control mechanism, as well as a critical bug involving the low liquidity of G-UNI USDC/USDT listed on the Aave v2 Ethereum AMM pool. Each bug was classified by severity and likelihood, and a bounty was proposed for each. The community also discussed the reward amounts, with Fig questioning why a low severity, unlikely attack vector and a critical, unlikely attack vector were rewarded the same amount. Bgdlabs clarified that the reward is subjective and depends on the combined characteristics of each reported bug.

The discussion concluded with Bgdlabs explaining that these ad-hoc bounty recommendations are aligned with the yet-to-be-finalized Immunefi program. The community continues to work towards a formal bug bounty program, with the aim of improving the security and functionality of the platform.

Posted 7 months ago

Last reply 7 months ago

Summary updated 2 months ago

Last updated 08/12 04:39