Joining the Balancer bug bounty program

Security and protection of users' funds is the most important aspect of any protocol. The industry is constantly being monitored by bad actors looking for an opportunity to exploit user funds.

As we rely on the underlying infrastructure built by Balancer Labs, this proposal looks at the possibility of contributing to their bug bounty program.

The key elements are of Balancer’s program are:

Contracts in scope - Vault - WeightedPoolFactory - WeightedPool2TokensFactory - StablePoolFactory - Authorizer

Rewards, split as follows:

• Critical (greater of 1k ETH or $2m)
• High (greater of 250 ETH or $500k)
• Medium (greater of 25 ETH or $50k)
• Low (greater of 5 ETH or $10k)

The full details can be found at https://docs.balancer.fi/security/bug-bounties

The pros:

• Shows the industry that we are committed to safeguarding users
• Strengthens our partnership with Balancer Labs
• We will get the benefit from any marketing Balancer does on the program

Cons:

• There are no obvious downsides

Options to consider:

• Yes. Match 10% of any rewards given by Balancer for those bugs identified as Critical or High, and 20% for those that are Medium or Low. Payment will be split 50:50 between $Beets and other assets
• No. Contribute nothing.

Please note that the following contracts are out of scope for the bug bounty program. We will need to launch it separately once our audits are complete:

• LiquidityBootstrappingPoolFactory
• PhantomstablePoolFactory
• ProtocolFeesCollector
• CopperProxy (LGE)
• MasterChef
• Timelock (MasterChef Owner)