Name of Grant
Ethereum Protocol Security Attackathon Sponsorship
What is the work being proposed?
The proposal is to sponsor the reward pool for the Ethereum Attackathon, a comprehensive security audit competition aimed at augmenting the security of the Ethereum protocol. The event includes education programs, a bug-hunting contest, and the compilation of results in an official report.
Is there any related work this builds off of?
Some of the protocols have been heavily examined, although some parts have not been looked at enough, and we hope this will be the largest-ever crowdsourced bug bounty challenge to secure Ethereum.
Will the results of this project be entirely open source?
Yes, the results, including the compiled reports and educational content, will be available to the public.
Benefits
- Enhanced security for the Ethereum protocol.
- Increased awareness and education about Ethereum’s technical underpinnings.
- Promotion and recognition for sponsors through NFTs / Logo and leaderboard placements.
Which other non-RPL protocols, DAOs, projects, or individuals, would stand to benefit from this grant?
- Any project utilizing the Ethereum protocol will benefit from the improved security.
- Security researchers and participants will gain recognition and rewards.
- The broader blockchain community will benefit from increased security awareness and education.
Work
Who is doing the work?
The work will be conducted by independent security researchers/teams - anyone who wants to join in.
What is the background of the person(s) doing the work? What experience do they have with such projects in the past?
Immunefi is hosting the challenge and has extensive experience. They have a community of over 1,000 researchers who have protected $190 billion in user funds.
What is the breakdown of the proposed work, in terms of milestones and/or deadlines?
8th - 11th July: EthCC Program Announcement, Immunefi Homepage takeover, Sponsor Landing page with Leaderboard goes live.
1st Week August: Attackathon details announced, Education Program kicks off, second press release with final sponsors.
3rd Week August: Attackathon Hunting begins.
4th Week September: Attackathon concludes, and results compilation begins.
9 - 17 November: Attackathon results were announced at Devcon, and summary results and key winners were published.
How is the work being tested? Is testing included in the schedule?
Testing is integral to the Attackathon, with security researchers actively hunting for bugs and Immunefi evaluating and compiling the results to ensure accuracy and impact.
How will the work be maintained after delivery?
Post-competition, Immunefi will publish a comprehensive report and maintain the leaderboard, ensuring continued engagement and recognition for contributions.
Costs
Successful completion of the Attackathon with impactful bug reports compiled into an official report, recognition of top researchers, and distribution of NFTs to sponsors.
What is the proposed payment schedule for the grant? How much USD $ and over what period of time is the applicant requesting?
The proposal seeks to raise $2 million, with specific sponsorship levels such as $250,000 (75 ETH) for Unicorn Partners and $100,000 (30 ETH) for Panda Partners, with payments structured based on commitment tiers and milestone achievements. A project can support with any figure though.
Is the applicant requesting RPL or LUSD?
The sponsorship amounts are specified in ETH (Ethereum), although I believe both are potential options.
How will the GMC verify that the work delivered matches the proposed cadence?
The GMC can verify the work through scheduled updates, public announcements, and the publication of the official Attackathon report, along with real-time leaderboard and sponsor recognition updates.
What alternatives or options have been considered in order to save costs for the proposed project?
Engaging multiple sponsors and offering tiered sponsorship levels ensures a diversified funding approach, reducing the financial burden on any single entity.
Conflict of Interest
Does the person or persons proposing the grant have any conflicts of interest to disclose? (Please disclose here if you are a member of the GMC or if any member of the GMC would benefit directly financially from the grant).
No conflicts of interest (fwiw I am a member of the EF)
Will the recipient of the grant, or any protocol or project in which the recipient has a vested interest (other than Rocket Pool), benefit financially if the grant is successful?
No, I don’t think so.