Fip-93: The Future of Bug Bounties for the Tribe DAO

Summary This proposal aims to create a public mandate for the Tribe DAO to pay any valid bounty submitted through the Immunefi or directly to the DAO as per the guidelines on the Tribe DAO Immunefi page.

Motivation The Tribe DAO is growing faster than ever and shipping at unprecedented levels. While the DAO has extensive security precautions, its relationship with the white hat community has been extraordinarily valuable. It is more important than ever to grow and maintain this robust relationship with the white hat community. This proposal intends to do so by creating a public mandate for the Tribe DAO to pay any valid bounty submitted through the Immunefi or directly to the DAO.

Specification In the future if any valid bug bounty is submitted the Tribe DAO will pay the bounty in full to the owed party(s). The respective rewards per bounties are distributed according to the impact of the vulnerability. The Immunefi page has more details on the classification of each tier.

https://immunefi.com/bounty/tribedao/

This proposal will also retroactively apply to the recent Fuse vulnerability found by Samczsun and others. If 2x of 1x is passed, it will apply to this bounty as well.

Voting

This proposal will use multiple choice style voting.

A. Create a mandate to payout 2x the proposed bounties and (2.2m for a crit) retroactively apply to Fuse bounty B. Create a mandate to pay 1x the proposed bounties (1.1m for a crit) and pay out the Fuse bounty C. More discussions needed