SIP-X: Saddle Bug Bounty

Summary

Propose, and potentially formalize, the terms of a Saddle Bug Bounty program.

Abstract

This SIP seeks to establish the terms of a Saddle Bug Bounty program. Such a program would represent a milestone on the path toward honouring the security goals originally laid out in the ‘motivation’ section of SIP-21.

Motivation

Following the events of the last few months, a focus on security is paramount to the operation and reputation of all DeFi protocols going forward. This is especially true for those protocols seeking to build open-source implementations of primitives fundamental to the industry as a whole. Formalizing the terms of an official bug bounty program would serve to incentivize whitehats as an additional preventative measure against exploits; this is preferred industry-wide to the more reactive approach of offering a bounty post-exploit to blackhats.

Specification

The bounty is to be calculated as the lower value of 10% of the total possible exploit or 5MM SDL. The bounty will be delivered immediately [at the behest of multisignature collection] as liquid SDL.

Note: This bounty would not cover any front-end/visual bugs, or any server-side code of any web application that interacts with Saddle. The Saddle Bug Bounty is applicable only to vulnerable smart contract code: defined as contracts deployed by Saddle, on any chain, that manage the value of Saddle’s treasury assets and/or user deposited assets. This bounty is a “no questions asked” policy for disclosures and/or immediate return of funds after any incident.

For: Formalize the proposed terms of the Saddle Bug Bounty program.

Against: Resubmit with modified terms.

Poll:

  • For
  • Against
