RFC: On-chain Bounty System

Blocked urgent


  • Immunefi is a great program, but there is still bureaucracy involved (through the BIC, Immunefi, etc).
  • It would be very interesting to have an on-chain bounty system in addition to the Immunefi bug bounty program.
  • Potential structure:
    • Smart contract that simply returns 10% of the funds sent to it, governed by the Beanstalk DAO.
    • Have the DAO ratify that any funds returned via this contract are considered a whitehat
  • Draft

  • Does this disadvantage Farmers? It definitely is beneficial for whitehats?

  • Only applies to funds that can be stolen from the contract
    • If they can be stolen, you can take 10%
      • Contract can encode up to some value
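
One way the structure sketched above could look in Solidity. This is an added illustration, not Beanstalk's code. The contract name, function names, the single ERC-20 `token`, and the `dao` address are all hypothetical. It assumes a token whose `transferFrom` returns a bool, and it nets the 10% by pulling only the remainder to the DAO instead of receiving everything and paying 10% back.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; every name here is hypothetical, not Beanstalk code.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract WhitehatReturn {
    uint256 public constant BOUNTY_BPS = 1_000; // 10% in basis points
    IERC20 public immutable token;   // asset being returned (assumed ERC-20)
    address public immutable dao;    // DAO-controlled address receiving the funds
    uint256 public maxBounty;        // cap on a single bounty ("up to some value")

    event FundsReturned(address indexed whitehat, uint256 amount, uint256 bounty);
    event MaxBountyChanged(uint256 newMax);

    constructor(IERC20 _token, address _dao, uint256 _maxBounty) {
        require(_dao != address(0), "dao is zero");
        token = _token;
        dao = _dao;
        maxBounty = _maxBounty;
    }

    // Governance hook: only the DAO address can change the cap.
    function setMaxBounty(uint256 newMax) external {
        require(msg.sender == dao, "only DAO");
        maxBounty = newMax;
        emit MaxBountyChanged(newMax);
    }

    // Bounty for a returned amount: 10%, capped at maxBounty.
    function bountyFor(uint256 amount) public view returns (uint256) {
        uint256 bounty = (amount * BOUNTY_BPS) / 10_000;
        return bounty > maxBounty ? maxBounty : bounty;
    }

    // Caller approves this contract for (amount - bounty) beforehand.
    // The caller keeps the bounty; the remainder goes straight to the DAO,
    // so this contract never holds a balance of its own.
    function returnFunds(uint256 amount) external {
        require(amount > 0, "nothing to return");
        uint256 bounty = bountyFor(amount);
        require(token.transferFrom(msg.sender, dao, amount - bounty), "transfer failed");
        emit FundsReturned(msg.sender, amount, bounty);
    }
}
```

The `FundsReturned` event gives the DAO an on-chain record of each return and the bounty retained, which a ratification could reference.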