GIP-111: Should the GnosisDAO fund the Ethereum Protocol Attackathon?
- In Favour
- Against
Summary:
Ethereum needs more security researchers to examine the codebase and help find vulnerabilities. As the ecosystem has grown, this is an excellent opportunity to co-fund an audit challenge with the Ethereum community.
The Ethereum Foundation (EF) invites sponsors to support the reward pool for the eight-week Ethereum Attackathon.
This event aims to enhance the security of the Ethereum protocol by organizing the largest crowdsourced security audit competition. The goal is to raise over $2 million, with $500,000 committed from the Ethereum Foundation.
The Attackathon will be hosted on Immunefi, which they do at no cost, meaning all contributions go directly to securing the protocol.
This challenge is especially relevant for Gnosis. Gnosis has a similar architecture, is the only EVM with a beacon chain and uses the same clients.
A security bug bounty on the Ethereum core protocol benefits the Gnosis Chain by identifying shared vulnerabilities, enhancing overall security, and fostering a stronger developer community. This collaborative approach ensures cost-effective, high-quality security improvements and maintains trust and interoperability between the chains.
Duration: Eight weeks
Funding: 100,000 USD
Specification
What is an Attackathon?
An Attackathon is a comprehensive event involving three phases:
Before the Attackathon: A comprehensive education program on the protocol’s code delivered via live technical walkthroughs and Attackathon Academy content.
During the Attackathon: Security researchers hunt the code based on specific rules to qualify for rewards. Only reports that are impactful, as specified by the rules of the Attackathon, will be rewarded.
After the Attackathon: Immunefi evaluates and compiles the results in the form of an official Attackathon report and spotlights top researchers with NFT awards and a leaderboard.
The Attackathon aims to be the largest-ever crowdsourced security audit contest conducted to augment security for the entirety of the protocol’s code.
Rationale
The Ethereum Foundation has a permanent bug bounty, although it does not get the awareness and eyeballs it should get on the code.
Running the largest audit contest now will help increase the security of the Ethereum protocol and upskill security researchers for contests at every hard fork in the future.
- Shared Codebase and Vulnerabilities: Vulnerabilities in Ethereum could apply to the Gnosis Chain due to their shared codebase.
- Security Enhancements: Ethereum’s security improvements directly enhance the Gnosis Chain’s security, boosting trust for Ethereum and Gnosis.
- Ecosystem: A secure Ethereum fosters a confident developer community, benefiting the Gnosis Chain.
- Cost-Effective Security: Aligning with Ethereum’s security efforts provides high-quality assessments without bearing the total cost.
Budget
We seek to raise at least $2 million, with the EF contributing $500k. So far, a few projects have signed up to secure Ethereum.
Based on feedback, we created a couple of tiers, although a project can be sponsored with any amount they wish.
Unicorn Partners +75 ETH Commitment (Approx. $250,000) (limited to two projects)
- 1x Unique NFT with leaderboard rank
- Participation in Attackathon Kick-off Twitter Space as a partner speaker
- Leaderboard Placement on Sponsor page
- Top-tier logo placement on Sponsor and Program Landing Page
- Top-tier logo placement on the Program Education page and program report
- Call out in Press Releases and EF and Immunefi Program Announcement Blogs
- Digital Logo Placement in the results announcement at Devcon or a dedicated virtual event
- 4x Devcon tickets
- 25% Discount on Crowd Sec offerings [transferable]
- 1x Dedicated Twitter post announcing sponsorship from Immunefi Twitter handle
Panda Partners +30 ETH Commitment (Approx. $100,000)
- 1x Unique NFT with leaderboard rank
- Leaderboard listing on the sponsor landing page
- Mid-roll logo placement on Sponsor and Program Landing Page
- 2x Devcon tickets
- 10% Discount on Immunefi Crowd Sec offerings [Transferable]
- 1x Dedicated Twitter post announcing sponsorship from Immunefi Twitter handle
Key dates include:
July 8-11: EthCC program announcement.
August 8: Detailed program announcement and education kickoff.
3rd Week of August: Attackathon hunting begins.
Mid-October: Attackathon concludes, and results compilation begins.
November 9-17: Results announced at Devcon.
Evaluation
The reports will be triaged by the Immunefi team and judged by EF and client team security researchers.
Any unused funds will roll over to future audit contests and security research.
I look forward to hearing from the Gnosis community on helping secure the Ethereum protocol.