Author: Blockwarden
Website: Blockwarden.io
X: Blockwarden_io
Hi Team Aura!
We were recommended by James to get in touch with the DAO here, so we would like to put forward our proposal!
I. Summary:
Aura Finance has a paramount responsibility to ensure the robustness and security of its systems. To fortify Aura Finance’s cybersecurity posture even further, we propose the deployment of Aura Finance’s Bug Bounty Program on Blockwarden. This would also expand the reach of the BBP to a broader community of white-hat hackers (Wardens) without incurring additional costs.
II. Facts & Figures:
- Approximately 25% of all smart contracts are susceptible to potential security breaches.
- 52% increase in DEX trading market share since November ’22; reliant on autonomous smart contracts.
- There exist more than 20 attack vectors that pose potential risks to smart contracts.
III. Background:
- Philosophy: At the core of our principles lies the belief that “Trust is paramount in Web3.” To establish and uphold this trust, Web3 projects must prioritise the security of their code. Bug bounty programs not only fortify smart contracts but also foster a spirit of community and transparency as essential components of this commitment to trust.
- Cost-Effective Security Testing: Deploying your bug bounty program additionally on Blockwarden enables the Aura team to access a diverse pool of top security researchers and developers without incurring any fees, making it a cost-effective way to identify and remediate potential threats on new deployments. By doing so, Aura Finance also eliminates the necessity for a dedicated internal security team, offering greater flexibility in budget allocation.
- Time Efficiency: Blockwarden can help further optimise the bug reporting process, expediting the identification and resolution of vulnerabilities while filtering out low-quality submissions. This efficiency is crucial in mitigating potential threats especially from malicious actors and black-hats.
IV. Specification:
- Documentation: The Aura team communicates the parameters of the program and reward structures. These details can be replicated from the existing bug bounty program documentation.
- Deployment: The bug bounty program operates on the Blockwarden website, where vulnerability reports are submitted by wardens. There are no platform or maintenance fees on Blockwarden.
- Deliberation: Blockwarden filters out low-quality submissions, including those generated by AI, spam, out-of-scope, and duplicates. The curated submissions are then presented to the Aura team through the agreed-upon portal.
- Decision: Adhering to the agreed-upon SLAs, Aura has the discretion to either accept the reported vulnerability and proceed with rewarding the warden or decline the vulnerability report. If accepted, the warden is paid and Blockwarden will take a 10% commission fee from within the bounty.
V. Conclusion:
In conclusion, additionally deploying the Aura Finance Bug Bounty Program on Blockwarden offers a strategic advantage by tapping into a wide pool of talent, ensuring cost-effective security testing, and fostering a proactive security culture.