GIP-111: Should the GnosisDAO fund the Ethereum Protocol Attackathon?

Summary:

Ethereum needs more security researchers to examine the codebase and help find vulnerabilities. As the ecosystem has grown, this is an excellent opportunity to co-fund an audit challenge with the Ethereum community.

The Ethereum Foundation (EF) invites sponsors to support the reward pool for the eight-week Ethereum Attackathon.

This event aims to enhance the security of the Ethereum protocol by organizing the largest crowdsourced security audit competition. The goal is to raise over $2 million, with $500,000 committed from the Ethereum Foundation.

The Attackathon will be hosted on Immunefi, which they do at no cost, meaning all contributions go directly to securing the protocol.

This challenge is especially relevant for Gnosis. Gnosis has a similar architecture, is the only EVM with a beacon chain and uses the same clients.

A security bug bounty on the Ethereum core protocol benefits the Gnosis Chain by identifying shared vulnerabilities, enhancing overall security, and fostering a stronger developer community. This collaborative approach ensures cost-effective, high-quality security improvements and maintains trust and interoperability between the chains.

Duration: Eight weeks

Funding: 100,000 usd

Specification

What is an Attackathon?

An Attackathon is a comprehensive event involving three phases:

Before the Attackathon: A comprehensive education program on the protocol’s code delivered via live technical walkthroughs and Attackathon Academy content.

During the Attackathon, Security researchers hunt the code based on specific rules to qualify for rewards. Only reports that are impactful as specified by the rules of the Attackathon, will be rewarded.

After the Attackathon: Immunefi evaluates and compiles the results in the form of an official Attackathon report and spotlights top researchers with NFT awards and a leaderboard.

The Attackathon aims to be the largest-ever crowdsourced security audit contest conducted to augment security for the entirety of the protocol’s code.

Rationale

The Ethereum Foundation has a permanent bug bounty, although it does not get the awareness and eyeballs it should get on the code.

Running the largest audit contest now will help increase the security of the Ethereum protocol and upskill security researchers for contests at every hard fork in the future.

• Shared Codebase and Vulnerabilities: Vulnerabilities in Ethereum could apply to the Gnosis Chain due to their shared codebase.
• Security Enhancements: Ethereum’s security improvements directly enhance the Gnosis Chain’s security boosting trust for Ethereum and Gnosis.
• Ecosystem: A secure Ethereum fosters a confident developer community, benefiting the Gnosis Chain
• Cost-Effective Security: Aligning with Ethereum’s security efforts provides high-quality assessments without bearing the total cost.

Budget

We seek to raise at least $2 million, with the EF contributing $500k. So far, a few projects have signed up to secure Ethereum.

Based on feedback, we created a couple of tiers, although a project can be sponsored with any amount they wish.

Unicorn Partners (+75 ETH Commitment (Approx. $250,000) (limited to two projects)

• 1x Unique NFT with leaderboard rank
• Participation in Attackathon Kick-off Twitter Space as a partner speaker
• Leaderboard Placement on Sponsor page
• Top-tier logo placement on Sponsor and Program Landing Page
• Top-tier logo placement on the Program Education page and program report
• Call out in Press Releases and EF and Immunefi Program Announcement Blogs
• Digital Logo Placement in the results announcement at Devon or a dedicated virtual event
• 4x Devcon tickets
• 25% Discount on Crowd Sec offerings [transferable]
• 1x Dedicated Twitter post announcing sponsorship from Immunefi Twitter handle

Panda Partners +30 ETH Commitment (Approx. $100,000)

• 1x Unique NFT with leaderboard rank
• Leaderboard listing on the sponsor landing page
• Mid-roll logo placement on Sponsor and Program Landing Page
• 2x Devcon tickets
• 10% Discount on Immunefi Crowd Sec offerings [Transferable]
• 1x Dedicated Twitter post announcing sponsorship from Immunefi Twitter handle

Key dates include:

July 8-11: EthCC program announcement

August 8: Detailed program announcement and education kickoff.
3rd Week of August: Attackathon hunting begins.
Mid-October: Attackathon concludes, and results compilation begins.
November 9-17: Results announced at Devcon.

Evaluation

The reports will be triaged by the Immunefi team and judged by EF and client team security researchers.

Any unused funds will roll over to future audit contests and security research.

I look forward to hearing from the Gnosis community on helping secure the Ethereum protocol.

Hello, thx for your proposal.
The Ethereum foundation is already very rich, We have no interest in financing this. Maybe my answer is too “easy” but I don’t see the point in giving.

100% agree with this proposal. Since Gnosis Chain has the same architectural design as Ethereum, the overall benefits of this proposal for the security, health, and future of the chain are quite significant. Additionally, it is a very good opportunity for the developer community to testing, building and improving current features.

Thanks for the proposal

As @armog says above, the reliance of Gnosis Chain on Ethereum’s technology and development does provide some good justification to support this proposal. Though the Ethereum Foundation is well funded, a joint funding arrangement as envisaged here seems fair. The $100k request is also relatively reasonable in the scheme of the DAO’s treasury.

With that said, we would prefer to see a more conscientious approach to supporting Ethereum, as opposed to simply approving any ad hoc proposals as they arise. Allocating a set budget for the year, putting out a request for proposals (such as this one), and allowing the DAO members to vote on the allocation of that budget among qualifying proposals would be a much more satisfying means of reaching the same ends. To the extent an arrangement like this is within your remit @snapcrackle, we would be interested to explore further beyond this proposal.

Given the Attackathon is fast approaching, we are leaning towards supporting this proposal on a one-off basis.

Massively support. We are Ethereum and Ethereum is us. The tighter we bind ourselves to ETH the better. Lets continue to get the Gnosis name out there and support Ethereum. Easy yes.

Hey @staworth, that’s great to hear. I would be happy to have a deeper discussion beyond this proposal.

Snapshot is live: Snapshot