Aave v3.1 Cantina competition





















Author

BGD Labs @bgdlabs

Creator

0xf71fc92e2949ccF6A5Fd369a0b402ba80Bc61E02

Simple Summary

Proposal for the Aave DAO to have a Cantina security competition for the upcoming Aave v3.1 upgrade, to complement the other security procedures already completed. The total budget will be $195’000, with a $150’000 prize pool and the rest ($45’000) allocated to platform and judging fees.

Motivation

With the Aave v3.1 upgrade well received by the community, and now entering the final stages of its pre-activation governance procedures, we at BGD have been thinking about how to add even more security assurances, in addition to what was already done and described HERE.

Open security competitions/contests are gaining significant adoption as a good pre-production mechanism: a scope is defined for some public code, and any security researcher can look into it for a limited period of time, in order to compete for the prizes from a common prize pool. The more bugs found (and the more unique, amongst other characteristics of the finding), the better the rewards.

We think that a competition can add extra security value for the improvements included in Aave v3.1, and after evaluating different solutions in the market, we have decided that an open Cantina competition fits our requirements.

Specification

After discussions with their team regarding options, we propose to create a

with the following characteristics:

  • $150’000 total prize pot, with the following limitations:

    • If there is any High (highest grade) finding, the whole $150’000 prize pot will be distributed.
    • If there are only Medium or lower grade findings, a $50’000 prize pot will be distributed.
    • If there are only Lower/Informational findings, a $20’000 prize pot will be distributed.

    The total funds will initially be transferred to Cantina and, if applicable, reimbursed afterwards to the Aave DAO contracts.

  • 20% fees over the total prize pot, amounting to $30’000. An additional $15’000 for Cantina judging.

  • The competition will last for 10 calendar days, starting on 10th May.

  • Before the start, BGD Labs will collaborate with Cantina to have the best possible setup for researchers to tackle the competition, including but not limited to all required extra documentation. During the competition, we will also give all necessary support.

  • The execution of the on-chain AIP proposal will act as a binding agreement between the Aave DAO and Cantina. The formal SoW (Scope-of-Work) between the Aave DAO and Cantina can be found HERE.

  • Only team members, current or from the last 6 months, of BGD Labs and of Certora and MixBytes (auditors of v3.1) are ineligible for any prizes in the competition, given the conflict of interest. Any other entity or individual is allowed to participate.

  • On the technical side, the proposal payload will release 195’000 GHO to the wallet designated by Cantina, 0x3Dcb7CFbB431A11CAbb6f7F2296E2354f488Efc2.

References

Copyright

Copyright and related rights waived via CC0.

by BGD Labs